Date: Mon, 2 Oct 2000 16:34:37 +0200 (CEST)
From: Paul Herman <pherman@frenchfries.net>
To: hackers@FreeBSD.ORG
Subject: Blowfish passwords
Message-ID: <Pine.BSF.4.21.0010021536360.278-100000@bagabeedaboo.security.at12.de>

Hi,

I've come up with a small patchset to libcrypt (ported from OpenBSD)
which adds the blowfish password digest in addition to des and md5.

Features include:

  * Compatibility with OpenBSD (for those of us using NIS)
  * switchable behavior in /etc/login.conf (passwd_format=bf)
  * ability to do multiple rounds on the fly, i.e. 2^x iterations 1<x<99
  * most importantly, this addition doesn't mess with the current
    default behavior of FreeBSD (MD5/DES)

One "feature" is that the salt generated by /usr/bin/passwd isn't long
enough, so the salt seems to just get padded with zeroes (I'll have to
look into this), but that is a passwd(1) thing, and the whole thing
still works. In addition, you can still generate entries manually and
put them into /etc/master.passwd:

    bash-2.03$ perl -e 'print crypt("123", "\$2a\$09\$thissaltisindeedlongenough"), "\n";'
    $2a$09$thissaltisindeedlongeePn7z/hl0cWlo/alWEfzNAPg6E/22J.y

It patches cleanly against -STABLE and -CURRENT, and only touches
libcrypt.

Take a look at it, feedback/patches are welcome, and if you like it,
maybe someone can integrate it into -CURRENT. (I don't know whose
dept. this would be -- Mark Murray perhaps?)

http://www.frenchfries.net/paul/freebsd/blowfish.passwd.patch.gz

-Paul.

P.S. I didn't know where to put this, in lib/libcrypt or
secure/lib/libcrypt, but lib/libcrypt seemed the most logical...
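
Added example, not part of the message or of the patch: a check for the "$2a$NN$salt" setting string that rejects a short salt instead of letting it be zero-padded, and shows why the perl output above carries the salt as "...longee" rather than "...longen". The function name bf_canon_salt is hypothetical; it assumes the usual bcrypt encoding, where 22 characters of bcrypt's own base64 alphabet hold a 128-bit salt.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* bcrypt's base64 alphabet (differs from RFC 4648 ordering). */
static const char B64[] =
    "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

/*
 * Parse "$2a$NN$<salt...>" and write the canonical 22-character salt to out.
 * Returns the cost NN (log2 of the iteration count), -1 if the prefix is
 * malformed, -2 if the salt is shorter than 22 characters or contains a
 * character outside the alphabet. The cost range is left to the caller.
 */
int bf_canon_salt(const char *setting, char out[23])
{
    const char *salt, *p = NULL;
    int i, cost;

    if (strncmp(setting, "$2a$", 4) != 0)
        return -1;
    if (!isdigit((unsigned char)setting[4]) ||
        !isdigit((unsigned char)setting[5]) || setting[6] != '$')
        return -1;
    cost = (setting[4] - '0') * 10 + (setting[5] - '0');

    salt = setting + 7;
    for (i = 0; i < 22; i++) {
        if (salt[i] == '\0' || (p = strchr(B64, salt[i])) == NULL)
            return -2;               /* short or invalid salt: refuse */
        out[i] = salt[i];
    }
    /* 22 chars carry 132 bits but the salt is 128 bits, so only the top
     * two bits of the last character count; the rest encode back as 0. */
    out[21] = B64[(p - B64) & 0x30];
    out[22] = '\0';
    return cost;
}

int main(void)
{
    char salt[23];
    int cost = bf_canon_salt("$2a$09$thissaltisindeedlongenough", salt);
    printf("cost=%d salt=%s\n", cost, salt);
    /* Constructed input with an 8-character salt. */
    printf("short salt -> %d\n", bf_canon_salt("$2a$09$tooshort", salt));
    return 0;
}
```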