Date: Mon, 14 Feb 2000 08:15:14 -0500 From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> To: "Andrew L. Neporada" <andrew@chg.ru> Cc: cjclark@home.com, freebsd-questions@FreeBSD.ORG Subject: Re: MD5 and DES passwords maximum lenght Message-ID: <20000214081513.A40040@cc942873-a.ewndsr1.nj.home.com> In-Reply-To: <Pine.BSF.4.21.0002141108410.30821-100000@sign.chg.ru>; from andrew@chg.ru on Mon, Feb 14, 2000 at 11:20:29AM %2B0300 References: <20000213174656.G31722@cc942873-a.ewndsr1.nj.home.com> <Pine.BSF.4.21.0002141108410.30821-100000@sign.chg.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Feb 14, 2000 at 11:20:29AM +0300, Andrew L. Neporada wrote: > On Sun, 13 Feb 2000, Crist J. Clark wrote: > > > On Sun, Feb 13, 2000 at 03:04:07AM +0300, Andrew L. Neporada wrote: > > > Hi! > > > Ocassional installation of DES distribution (through > > > Configure->Distributions->DES in /stand/sysinstall) seems to limit my > > > passowrds to eight symbols. Is it right? It seems to me that there is no > > > such limit in default encrypting scheme (MD5). What should I do to restore > > > MD5 encryption? (I suppose that 8 symbols is quite enough, but my pass is > > > longer ;-) > > > > > > Thanks in advance for any input and sorry for my English! > > > > Yes, in DES passwords, only the first eight characters are > > significant. If your password is longer, the extra characters are > > simply ignored, so you do not _need_ to change to MD5. > > > > However, if you still want to, you need to either (1) swap the > > symbolic links from libcrypt* from libdescrypt* to libscrypt* or (2) > > insert a "dummy" MD5 password into the master.passwd file (using > > vipw). In either case imediately use the passwd(1) command to reset > > the password to the right type. > > -- > > Crist J. Clark cjclark@home.com > > > Thank you! I swaped symlinks, so new passwords are MD5 encrypted now. > BTW, what do you mean under `"dummy" MD5 password`? Is it just an empty > password record? The libdescrypt library actually understands both DES and MD5 passwords. If a user already has an MD5 password and uses the passwd command to change it, the new password stays MD5. If the user has no password or already has a DES password, the new one will be DES. So, if the user in question has a DES password but you want to make it MD5, you need to somehow trick the passwd command into thinking they already have an MD5 password. One way to do this is put a dummy MD5 password, one with the $1$ (I think) token in front, in place. The actual content of the passowrd is meaningless, that's why its a dummy, but the token tricks passwd into using MD5 for the new one. -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000214081513.A40040>