Date: Mon, 20 Apr 1998 00:38:12 +0300 (EEST)
From: Penisoara Adrian
To: freebsd-security@FreeBSD.ORG
Subject: Using MD5 instead of DES for passwd encryption

Hi,

I observed that after installing the DES distribution on a fresh non-DES system (or when installing from the beginning with DES) the next passwords created/modified will be DES-encrypted instead of using MD5.

How can one control which kind of encryption is to be used by the system for password encryption? For example I want to use only MD5 for password encryption but I need the DES libraries to be available (because ppp/iijppp needs them -- probably in conjunction with CHAP/PAP authentication).

Taking a closer look at the DES distribution it seems that the trigger for "changing" the encryption style might be a new /sbin/init that overwrites the old one -- does this mean that if I manually "untar" the distribution but without overwriting the standard /sbin/init I can get the DES libraries installed but without making them default for password encryption?

Also, from the [DES] crypt(3) page, it seems that the crypt() function chooses the encryption style based on the 2nd "char *setting" argument -- being that if it begins with "$1$" (MD5 signature?) it will use "an exportable format" (presumably MD5?). Is there a possibility to "force" a specific encryption style for passwords based on this feature?

Also, another question: being that we plan to become a FreeBSD mirror I'd like to know what's the status/proceeding regarding mirroring the DES/KRB/Crypto libraries/source code -- we are located in Romania, Eastern Europe, so "outside USA" export restrictions apply.

Thank you,
Adrian Penisoara
Ady (@warpnet.ro)
Warp Net Technologies
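Because crypt() selects the scheme from the start of the setting string, the stored hash field itself shows which scheme produced it. The following Python script is an added example, not part of the original message: it audits master.passwd-style lines for accounts whose hash is not in the "$1$" MD5 format. The function names and sample lines are hypothetical, and the hash values are constructed placeholders.

```python
import re

B64 = r"[./0-9A-Za-z]"  # alphabet crypt(3) uses for salts and encoded digests

# Checked in order; the first matching pattern wins.
SCHEMES = [
    ("md5", re.compile(rf"^\$1\$[^$:]{{1,8}}\${B64}{{22}}$")),  # $1$salt$digest
    ("des-extended", re.compile(rf"^_{B64}{{19}}$")),  # _ + count + salt + digest
    ("des", re.compile(rf"^{B64}{{13}}$")),            # 2-char salt + digest
]

def classify(field):
    """Name the hash scheme of one password field."""
    if field == "":
        return "empty"
    if field.startswith("*"):
        # Assumption: a leading "*" marks an account with no usable password.
        return "locked"
    for name, pattern in SCHEMES:
        if pattern.match(field):
            return name
    return "unknown"

def audit(text, wanted="md5"):
    """Return {user: scheme} for every account not using the wanted scheme."""
    findings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10:  # master.passwd entries have ten fields
            findings[fields[0]] = "malformed"
            continue
        scheme = classify(fields[1])
        if scheme not in (wanted, "locked"):
            findings[fields[0]] = scheme
    return findings

# Constructed sample; the hash fields are placeholders, not real hashes.
SAMPLE = """\
root:$1$abcdefgh$ABCDEFGHIJKLMNOPQRSTUV:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:System processes:/root:/sbin/nologin
alice:abCDEFGHIJKLM:1001:1001::0:0:Constructed user:/home/alice:/bin/sh
bob:_J9..saltABCDEFGHIJK:1002:1002::0:0:Constructed user:/home/bob:/bin/sh
"""

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE).items():
        print(f"{user}: {scheme}")
```

Accounts reported as "des" or "des-extended" keep that format until their password is next changed, so the audit is worth repeating after any change to the installed crypt library.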