Date: Thu, 26 Jun 1997 10:15:36 -0600 (MDT) From: Brandon Gillespie <brandon@roguetrader.com> To: Nathan Dorfman <nathan@senate.org> Cc: freebsd-security@FreeBSD.ORG Subject: Re: DES and IDEA Message-ID: <Pine.BSF.3.96.970626100634.9277A-100000@ice.cold.org> In-Reply-To: <199706261508.LAA14025@limbo.senate.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 26 Jun 1997, Nathan Dorfman wrote: > Hello I have a question about FreeBSD's crypt(). If I installed DES > when I originally installed the system, does the crypt() use DES > by default? Is my password file DES or IDEA? Example: if I run Crack > will it use DES or IDEA? Thanks! yes, once you install DES it will use DES no matter what, unless you specify something else by passing crypt() a seed with the appropriate prefix. From the new crypt comments: /* // Assumptions made with the new crypt format ($xx$..$..), started // by Poul-Henning Kamp: // // + The version ($xx$) will be either a two to four alphanumeric // tag representing the encryption method, or a numeric version // (also representing the encryption method). $1$ is MD5, $2$ // is OpenBSD's Blowfish. Also known alphanumeric tags are: // MD5, SHA1 and BF--although Blowfish support is not integrated. // + If the new format $xx$.. is specified, but the tag is not // recognized, crypt() will default to the best method (currently // SHA-1). If new format is not specified, and DES is not // installed, the best method will also be used. However, if // DES is installed, and the new format is not specified, it // will use DES. // + passwords beginning with $xx$ always specify the new crypt format. // + Salt may not include '$' in it's character set--check for // this in code calling crypt, or it will truncate the salt. */ Along the same lines (this is not quite as relevant to your question) once this crypt() is integrated into the source tree, I also planned on submitting some changes to passwd to read a config file (such as /etc/passwd.conf) where it will get the default salt to use, so you can install DES on your system for old password, and set /etc/passwd.conf to use SHA1 encryption for any new crypt() calls, instead of defaulting to DES for everything. -Brandon Gillespie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.970626100634.9277A-100000>