From owner-freebsd-security Tue Jul 6 16:38:49 1999 Delivered-To: freebsd-security@freebsd.org Received: from adelphi.physics.adelaide.edu.au (adelphi.physics.adelaide.edu.au [129.127.36.247]) by hub.freebsd.org (Postfix) with ESMTP id 19CAE14CFF for ; Tue, 6 Jul 1999 16:38:38 -0700 (PDT) (envelope-from kkennawa@physics.adelaide.edu.au) Received: from bragg (bragg [129.127.36.34]) by adelphi.physics.adelaide.edu.au (8.8.8/8.8.8/UofA-1.5) with SMTP id JAA13978; Wed, 7 Jul 1999 09:08:33 +0930 (CST) Received: from localhost by bragg; (5.65/1.1.8.2/05Aug95-0227PM) id AA02105; Wed, 7 Jul 1999 09:08:33 +0930 Date: Wed, 7 Jul 1999 09:08:32 +0930 (CST) From: Kris Kennaway X-Sender: kkennawa@bragg To: Peter Wemm Cc: security@freebsd.org Subject: Re: Improved libcrypt ready for testing In-Reply-To: <19990706175814.3A9CE78@overcee.netplex.com.au> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 7 Jul 1999, Peter Wemm wrote: > Say... you wouldn't like to impliment an NT-style password hash, would you? > *NOT* the LAN-Manager (LAN-damager?) hash with the 2 chunks of 7 characters > weak method that gets decoded in what seems like seconds according to > bugtraq. The NT hash is 128 character etc. It's also unicode and not case > sensitive, but that shouldn't be a problem to implement. This is worth looking at. Do the password hashes have any distinguishing characteristics other than being 128 characters long? I'm wondering how they'd be distinguished in the password file, unless we add a $NT$ prefix. Kris ----- "Never criticize anybody until you have walked a mile in their shoes, because by that time you will be a mile away and have their shoes." -- Unknown To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message