From owner-freebsd-current  Sun Nov 12 13:37:37 1995
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id NAA23258
          for current-outgoing; Sun, 12 Nov 1995 13:37:37 -0800
Received: from irz301.inf.tu-dresden.de (irz301.inf.tu-dresden.de [141.76.1.11])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id NAA23224
          for <current@freebsd.org>; Sun, 12 Nov 1995 13:37:31 -0800
Received: from sax.sax.de by irz301.inf.tu-dresden.de (8.6.12/8.6.12-s1) with ESMTP id WAA17635; Sun, 12 Nov 1995 22:37:19 +0100
Received: by sax.sax.de (8.6.11/8.6.12-s1) with UUCP
	id WAA10079; Sun, 12 Nov 1995 22:37:19 +0100
Received: (from j@localhost) by uriah.heep.sax.de (8.6.12/8.6.9) id WAA22212; Sun, 12 Nov 1995 22:34:37 +0100
From: J Wunsch <j@uriah.heep.sax.de>
Message-Id: <199511122134.WAA22212@uriah.heep.sax.de>
Subject: Re: Dual-personality crypt(3)!!
To: mark@grondar.za (Mark Murray)
Date: Sun, 12 Nov 1995 22:34:37 +0100 (MET)
Cc: joerg_wunsch@uriah.heep.sax.de, current@freebsd.org
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
In-Reply-To: <199511121659.SAA03128@grumble.grondar.za> from "Mark Murray" at Nov 12, 95 06:59:43 pm
X-Phone: +49-351-2012 669
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Content-Length: 1026      
Sender: owner-current@freebsd.org
Precedence: bulk

As Mark Murray wrote:
> 
> > Anyway, i like it.  This would allow me to upgrade to MD5 some day
> > without losing all my DES passwords. ;-)
> 
> Not without a bit of extra work. The default encryption when no salt is
> specified will be DES. This was designed as a convenience for those
> who have MD5 and want to go DES without irritating all their users.
> as folks change their passwords, they will be DES'ed.

Well, i could UTSL.  Anyway, wouldn't it be possible to add a knob
(e.g. an environmental variable) that would allow to select the
default behaviour, defaulting to DES?

This way, we could satisfy both camps: people who want to `downgrade'
to DES for the one or the other reason, or people who've been running
with DES, but wish to use MD5 instead, e.g. since it's known to be
stronger.  This would allow for a gradual migration in both
directions.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)