Date:      Mon, 24 Sep 2001 10:39:48 -0700 (PDT)
From:      Paul Herman <pherman@frenchfries.net>
To:        Nathan Mace <mace_nathan@uchaswv.edu>
Cc:        Neil Darlow <neil@darlow.co.uk>, freebsd-questions <freebsd-questions@FreeBSD.ORG>
Subject:   Re: How do I enable Blowfish passwords?
Message-ID:  <20010924101328.S60749-100000@tick.sc.omation.com>
In-Reply-To: <20010923210126.6d863b0f.mace_nathan@uchaswv.edu>

On Sun, 23 Sep 2001, Nathan Mace wrote:

> i know that blowfish is a way of encrypting passwords, but is
> it better than MD5?  how is it different?

Hi Nathan,

If you are running NIS on a network with OpenBSD, it is compatible
with OpenBSD, which uses blowfish as its default.

It also allows you to change the number of iterations on the fly,
which means as computers get faster, the algorithm doesn't
necessarily need to be changed to prevent dictionary attacks.  Try
it yourself:

perl -e \
  '$c = crypt "password","\$2a\$04\$theblowfishsaltisverylong"; \
   print "$c\n";'

perl -e \
  '$c = crypt "password","\$2a\$09\$theblowfishsaltisverylong"; \
   print "$c\n";'

perl -e \
  '$c = crypt "password","\$2a\$12\$theblowfishsaltisverylong"; \
   print "$c\n";'

The number after the second '$' is the log2 of the number of
iterations it performs to generate the hash.

The default in FreeBSD is hard coded to be the minimum allowable (4,
i.e. 2^4 = 16 rounds), but there is nothing stopping you from
pasting any higher order hashes into the master.passwd file yourself.

-Paul.
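
Added example (not part of the original message): a Python check that parses the $2a$NN$ prefix described above out of master.passwd-style entries and reports accounts whose bcrypt cost is under a chosen minimum or whose hash has no adjustable cost. The MIN_COST policy value, the function names and the sample entries are constructed assumptions.

```python
import re

# bcrypt in modular crypt format: $2a$<cost>$<22-char salt><31-char hash>
BCRYPT_RE = re.compile(r"^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$")
MIN_COST = 10  # assumed site policy, not a FreeBSD default

# Constructed master.passwd-style entries; the hash bodies are filler
# characters of the right length, not real crypt() output.
SAMPLE = "\n".join([
    "alice:$2a$04$" + "A" * 53 + ":1001:1001::0:0:Alice:/home/alice:/bin/sh",
    "bob:$2a$12$" + "B" * 53 + ":1002:1002::0:0:Bob:/home/bob:/bin/sh",
    "carol:$1$saltsalt$" + "C" * 22 + ":1003:1003::0:0:Carol:/home/carol:/bin/sh",
    "daemon:*:1:1::0:0:System daemon:/root:/usr/sbin/nologin",
])


def classify(pw_field):
    """Return (scheme, cost, iterations) for one password field."""
    m = BCRYPT_RE.match(pw_field)
    if m:
        cost = int(m.group(1))
        if not 4 <= cost <= 31:  # bcrypt only accepts costs 4..31
            return ("bcrypt-invalid", cost, None)
        return ("bcrypt", cost, 1 << cost)  # cost is log2 of the iterations
    if pw_field.startswith("$1$"):
        return ("md5", None, None)
    if pw_field == "" or pw_field.startswith("*"):
        return ("none", None, None)  # no password hash to rate
    return ("other", None, None)


def audit(master_passwd_text, min_cost=MIN_COST):
    """Return (user, finding) pairs for entries that fall below policy."""
    findings = []
    for line in master_passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 10:  # master.passwd entries have 10 fields
            findings.append((fields[0], "malformed entry"))
            continue
        user, (scheme, cost, iters) = fields[0], classify(fields[1])
        if scheme == "bcrypt" and cost < min_cost:
            findings.append((user, f"bcrypt cost {cost} ({iters} iterations) < {min_cost}"))
        elif scheme == "md5":
            findings.append((user, "MD5 crypt, no adjustable cost"))
        elif scheme in ("bcrypt-invalid", "other"):
            findings.append((user, f"unrecognised or invalid hash ({scheme})"))
    return findings
```

Calling audit(SAMPLE) returns findings for alice (cost 4) and carol (MD5 crypt); bob's cost-12 hash and the passwordless daemon entry pass.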
