From owner-freebsd-stable Wed Nov 29 3:25: 8 2000 Delivered-To: freebsd-stable@freebsd.org Received: from ipamzlx.physik.uni-mainz.de (ipamzlx.Physik.Uni-Mainz.DE [134.93.180.54]) by hub.freebsd.org (Postfix) with ESMTP id 7A85137B401 for ; Wed, 29 Nov 2000 03:25:05 -0800 (PST) Received: from ipamzlx.Physik.Uni-Mainz.DE (ipamzlx.Physik.Uni-Mainz.DE [134.93.180.54]) by ipamzlx.physik.uni-mainz.de (8.11.1/8.11.0) with ESMTP id eATBQu823734 for ; Wed, 29 Nov 2000 12:26:57 +0100 (CET) (envelope-from ohartman@ipamzlx.physik.uni-mainz.de) Date: Wed, 29 Nov 2000 12:26:56 +0100 (CET) From: "O. Hartmann" To: freebsd-stable@freebsd.org Subject: Password Encryption Problems Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Dear Sirs. Sometimes it seems really strange to me what FreeBSD does when encrypting passwords. And as often I asked - there is no sufficient answer which type of encryption, DES or MD5, to use. Well, I swiched my libraries to use libdescrypt instead of libscrypt as described in the manpages and I never user the exclusion of making the default links when building a new system in /etc/make.conf. But I set MAKE IDEA to YES. So, lets explain what's the subject of my question. As I remember myself, MD5 encrypted passwords are typically revealed in passwd by a $ at the beginning of the sequence of encrypted passwords. DES encrypted passwords seems to be really short in comparison to MD5 encrypted passwords. Last week, I installed a new user and its password seems to be definitely encrypted by DES, but today's encrypted passwords seems to be MD5 although I did not change anything and I deleted first via vipw the password field to avoid FreeBSD checking and recognizing that the prior password is MD5 encrypted (I realized, that if there is a password MD5 encrypted and I change encryption libraries in the meanwhile, passwd seems the encrypt the new given password also in MD5, but when deleting the passwordfield or installing a new user when DES is alraedy activated, I get, better I got!, an short DES encrypted password). When I did this and checked the passowrd again, it seemed to be still MD5 encrypted. Why? Has anything changed in FreeBSD in the meanwhile? I use NIS/YP, but it is not completely installed and running, but the server on which I keep all the users and passwords is NIS server, maybe there is the reason located ... or not? In DES I have a password limitation of 8 characters, while FBSD's MD5 allows us 128 characters. But using NIS/YP limits again passwords and login to be limited by 8 characters, so I ask myself what encryption service is the best choice ... Thanks in advance, Oliver - MfG O. Hartmann ------------------------------------------------------------------- ohartman@ipamzlx.physik.uni-mainz.de Klimadatenserver-Abteilung des IPA IT Netz- und Systembetreuung Johannes Gutenberg-Universitaet Mainz Becherweg 21 D-55099 Mainz BRD/Germany Tel: +496131/3924662 FAX: +496131/3923532 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message