From owner-freebsd-hackers  Thu Aug 29 15:44:43 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id PAA12938
          for hackers-outgoing; Thu, 29 Aug 1996 15:44:43 -0700 (PDT)
Received: from rocky.mt.sri.com (rocky.mt.sri.com [206.127.76.100])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id PAA12932
          for <hackers@freebsd.org>; Thu, 29 Aug 1996 15:44:39 -0700 (PDT)
Received: (from nate@localhost) by rocky.mt.sri.com (8.7.5/8.7.3) id QAA08995; Thu, 29 Aug 1996 16:43:08 -0600 (MDT)
Date: Thu, 29 Aug 1996 16:43:08 -0600 (MDT)
Message-Id: <199608292243.QAA08995@rocky.mt.sri.com>
From: Nate Williams <nate@mt.sri.com>
To: Brandon Gillespie <brandon@tombstone.sunrem.com>
Cc: Nate Williams <nate@mt.sri.com>, hackers@freebsd.org
Subject: Re: 'Backwards' DES support for crypt(), while still using better , algo's
In-Reply-To: <Pine.BSF.3.91.960829154946.18074B-100000@tombstone.sunrem.com>
References: <199608292126.PAA08439@rocky.mt.sri.com>
	<Pine.BSF.3.91.960829154946.18074B-100000@tombstone.sunrem.com>
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Brandon Gillespie writes:
> On Thu, 29 Aug 1996, Nate Williams wrote:
> > This is a non-standard case.  Most folks have all of one or the other.
> 
> Yes, but ONLY because we dont have any other option!
> 
> Once again, what I am suggesting is that--WHEN USING FreeBSD-centric
> password files--we have a package that you can drop in for DES passwords
> WITH the FreeBSD centric format.  Right now when you drop DES in DES 
> becomes the default, and from that point forward everything is DES, 
> although it will still read MD5 passwords changing a password will make 
> it a DES password.

Right, and if you modify the default to MD5, it will still read DES and
MD5 passwords and changes becomes MD5 passwords.  This works *right*
now.  Change the default to SH5 (??) and it'll still read MD5, DES, and
SH5 passwords and write out the new passwords scheme, but the idea is
that we *read* everything but only write out the default.

This is the way it is now.  There is no need to add a special 'token' to
the DES passwords for this to work.  The token is used merely to
recognize non-DES passwords, at which point you can use any # of tokens
to use progressively more advanced encryption methods.



Nate