From owner-freebsd-hackers Thu Aug 29 12:43:53 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id MAA29678 for hackers-outgoing; Thu, 29 Aug 1996 12:43:53 -0700 (PDT) Received: from rocky.mt.sri.com (rocky.mt.sri.com [206.127.76.100]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id MAA29663 for ; Thu, 29 Aug 1996 12:43:49 -0700 (PDT) Received: (from nate@localhost) by rocky.mt.sri.com (8.7.5/8.7.3) id MAA07380; Thu, 29 Aug 1996 12:55:21 -0600 (MDT) Date: Thu, 29 Aug 1996 12:55:21 -0600 (MDT) Message-Id: <199608291855.MAA07380@rocky.mt.sri.com> From: Nate Williams To: Brandon Gillespie Cc: hackers@freebsd.org Subject: Re: 'Backwards' DES support for crypt(), while still using better algo's In-Reply-To: References: Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > I'm working on hacking SHA-1 encryption into passwords as '$2$' (suggested > by Poul). One thought I had was on systems that have existing passwords > with DES, where they may want to use better encryption but they dont > because right now it is either all or nothing (? as far as I can tell). Or they use DES since they need it for interoperability with other OS's. > What would be nice is to have '$0$' be DES encryption, then we could still > support better encryption while also staying functional with older > passwords If I understand you correctly, this would mean that FreeBSD's DES encrypted password would be different than any other OS's DES encrypted password field. This is a bad thing IMHO, since a very common question people ask is if FreeBSD's password field is sharable with NetBSD/BSDi, OpenBSD, SunOS, etc.. If you install the secure dist (DES) converting to/from FreeBSD's format is trivial, and by changing it you are asking for trouble. Nate