From owner-freebsd-security Thu Sep 26 10:32: 3 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C835E37B401 for ; Thu, 26 Sep 2002 10:31:59 -0700 (PDT) Received: from gaia.nimnet.asn.au (nimbin.lnk.telstra.net [139.130.45.143]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8933D43E4A for ; Thu, 26 Sep 2002 10:31:57 -0700 (PDT) (envelope-from smithi@nimnet.asn.au) Received: from localhost (smithi@localhost) by gaia.nimnet.asn.au (8.8.8/8.8.8R1.2) with SMTP id DAA13415; Fri, 27 Sep 2002 03:31:09 +1000 (EST) (envelope-from smithi@nimnet.asn.au) Date: Fri, 27 Sep 2002 03:31:08 +1000 (EST) From: Ian Smith To: Jan Wagner Cc: Olafur Osvaldsson , Dmitry Agafonov , freebsd-security@FreeBSD.ORG Subject: Re: Password encoding In-Reply-To: <20020926124450.A18244@de.tiscali.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 26 Sep 2002, Jan Wagner wrote: > Part of man : > > The algorithm used will depend upon whether crypt_set_format() has been > called and whether a global default format has been specified. Unless a > global default has been specified or crypt_set_format() has set the for- > mat to something else, the built-in default format is used. This is cur- > rently DES if it is available, or MD5 if not. > > How the salt is used will depend upon the algorithm for the hash. For > best results, specify at least two characters of salt. > > The crypt_get_format() function returns a constant string that represents > the name of the algorithm currently used. Valid values are `des', `blf' > and `md5'. > > The crypt_set_format() function sets the default encoding format accord- > ing to the supplied string. > > The global default format can be set using the /etc/auth.conf file using > the `crypt_format' property. Interestingly (perhaps) on a 4.5 RELEASE box, man 3 crypt includes the section above as is, except for the very last line which instead says: the crypt_default property. Which was also as commented out in the 4.5-R /etc/auth.conf. So I added # crypt_default = md5 des crypt_default = md5 and now get md5 passwds as desired when using adduser, which had earlier created DES passwds - and someone else suggested was broken re this? I gather that this property was since renamed, as above, for 4.6? Cheers, Ian > greets jw > > ps. man : (man auth.conf) && man 3 crypt && man 3 auth_getval(!!) > > On Thu, Sep 26, 2002 at 09:55:50AM +0000, Olafur Osvaldsson wrote: [..] > > Dmitry, > > You should be able to set it in /etc/auth.conf, but that doesn't work for me. > > > > You can instead run crypt_set_format("md5") to set the default for your prog > > to md5 or blf for blowfish. > > > > You could also make sure that your salts start with $$ wich would then > > set the algorithm used in encryption, more info on this in the crypt(3) manpage. > > > > /Oli > > > > On Thu, 26 Sep 2002, Dmitry Agafonov wrote: > > > > > Ok, how about more common question. How do I ask system crypt() to use MD5 > > > by default? /etc/make.conf or such? > > > > > > -- > > > Dmitry > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-security" in the body of the message > > > > -- > > Olafur Osvaldsson > > Systems Administrator > > Internet a Islandi hf. > > Tel: +354 525-5291 > > Email: oli@isnic.is [..] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message