From owner-freebsd-security Tue Jul 6 10:58:19 1999
To: Kris Kennaway
Cc: security@freebsd.org
Subject: Re: Improved libcrypt ready for testing
In-reply-to: Your message of "Tue, 06 Jul 1999 23:26:28 +0930."
Date: Wed, 07 Jul 1999 01:58:14 +0800
From: Peter Wemm
Message-Id: <19990706175814.3A9CE78@overcee.netplex.com.au>

Kris Kennaway wrote:
> On Tue, 6 Jul 1999, Peter Wemm wrote:
>
> > I'd strongly suggest encoding the number of rounds as well, ie:
> > $token$salt$rounds$password
>
> For the two algorithms which currently support variable rounds, it's
> already encoded into the password:
>
> $Blowfish$xy$ following the OpenBSD format (xy = log2 rounds) ,
> and
>
> _ for New-DES. ( encoded as a base-64 binary
> value).

Say... you wouldn't like to implement an NT-style password hash, would you? *NOT* the LAN-Manager (LAN-damager?) hash with the 2 chunks of 7 characters weak method that gets decoded in what seems like seconds according to bugtraq. The NT hash is 128 character etc. It's also unicode and not case sensitive, but that shouldn't be a problem to implement.

The reason I ask is that there are a number of protocols that have this embedded in it, including PPP's MS-CHAP and SMB. Samba has to have a separate password file with NT-style password hashes to authenticate with Win98 clients etc. There's a few examples of this hash method in the source tree, both ppp's have it for starters.

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au