Date: Wed, 07 Jul 1999 01:58:14 +0800
From: Peter Wemm <peter@netplex.com.au>
To: Kris Kennaway <kkennawa@physics.adelaide.edu.au>
Cc: security@freebsd.org
Subject: Re: Improved libcrypt ready for testing
Message-ID: <19990706175814.3A9CE78@overcee.netplex.com.au>
In-Reply-To: Your message of "Tue, 06 Jul 1999 23:26:28 +0930." <Pine.OSF.4.10.9907062308350.13993-100000@bragg>

Kris Kennaway wrote:
> On Tue, 6 Jul 1999, Peter Wemm wrote:
>
> > I'd strongly suggest encoding the number of rounds as well, ie:
> > $token$salt$rounds$password
>
> For the two algorithms which currently support variable rounds, it's
> already encoded into the password:
>
> $Blowfish$xy$<salt><password> following the OpenBSD format (xy = log2 rounds) ,
> and
>
> _<rounds><salt><password> for New-DES. (<rounds> encoded as a base-64 binary
> value).

Say... you wouldn't like to implement an NT-style password hash, would you?
*NOT* the LAN-Manager (LAN-damager?) hash with the 2 chunks of 7 characters
weak method that gets decoded in what seems like seconds according to
bugtraq. The NT hash is 128 character etc. It's also unicode and not case
sensitive, but that shouldn't be a problem to implement.

The reason I ask is that there are a number of protocols that have this
embedded in it, including PPP's MS-CHAP and SMB. Samba has to have a
separate password file with NT-style password hashes to authenticate with
Win98 clients etc.

There's a few examples of this hash method in the source tree, both ppp's
have it for starters.

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
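Added example (not part of the original message or of libcrypt): a small auditing parser that reads the round count back out of the two variable-round layouts quoted in the thread and flags entries below a minimum. The New-DES field widths (4 characters of rounds stored least-significant first, 4 of salt, 11 of hash) follow the BSDi-style extended DES layout and are an assumption here, as are the `MIN_ROUNDS` policy values and the sample entries.

```python
import re

# crypt(3) base-64 alphabet; a character's value is its index.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# Hypothetical audit policy (assumption, not from the thread): minimum rounds per scheme.
MIN_ROUNDS = {"Blowfish": 1 << 6, "New-DES": 725}


def parse_rounds(hashed):
    """Return (scheme, rounds) for the two layouts quoted in the thread,
    or (None, None) when the string matches neither."""
    # $Blowfish$xy$<salt><password>: xy is log2 of the round count.
    m = re.fullmatch(r"\$Blowfish\$(\d{2})\$(.+)", hashed)
    if m:
        return "Blowfish", 1 << int(m.group(1))
    # _<rounds><salt><password>: assumed widths 4 + 4 + 11 after the underscore.
    body = hashed[1:]
    if hashed.startswith("_") and len(body) == 19 and all(c in ITOA64 for c in body):
        # Each character carries 6 bits, least-significant character first.
        rounds = sum(ITOA64.index(c) << (6 * i) for i, c in enumerate(body[:4]))
        return "New-DES", rounds
    return None, None


def weak_entries(entries, policy=MIN_ROUNDS):
    """Return (user, scheme, rounds) for hashes whose encoded rounds fall below policy."""
    flagged = []
    for user, hashed in entries:
        scheme, rounds = parse_rounds(hashed)
        if scheme is not None and rounds < policy[scheme]:
            flagged.append((user, scheme, rounds))
    return flagged


# Constructed sample entries; salt and hash characters are filler, not real hashes.
SAMPLE = [
    ("alice", "$Blowfish$06$" + "x" * 53),
    ("bob", "$Blowfish$04$" + "x" * 53),
    ("carol", "_J9..salt" + "A" * 11),
    ("dave", "_/...salt" + "A" * 11),
    ("erin", "$1$unrelated$format"),
]

if __name__ == "__main__":
    for row in weak_entries(SAMPLE):
        print(row)
```

Because the work factor travels inside the stored string, an audit like this needs only the password file, not the configuration that produced it.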