OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [MORE] Passwords database
From: Andrew Otwell (andrewnetworkcomputerz.com)
Date: Mon Feb 07 2000 - 07:57:22 CST

Maybe the best solution would be a passwd version that takes an argument
for the desired cipher:

passwd -MD5 username
passwd -DES username
passwd -3DES username
passwd -BLOWFISH username (borrowed from OpenBSD???)

Although, this would require much more run-time processing for login to
figure out which lib to use. It would also add MANY lines of source code
to a relatively simple program (e.g. passwd).

Just a suggestion.

Stuart Henderson wrote:
>
> On Sat, Feb 05, 2000 at 01:36:14PM +0100, Alexander Leidinger wrote:
> > If you add a new user, his passwd uses DES, not MD5. You have to add the
> > $1$ to the passwd-entry to use a MD5-hash.
>
> That is the main problem with the current system. In very many
> applications it would be more useful to allow passwords crypted with
> either method to be read but encrypt new passwords with MD5. This
> would mean, for example, users could have webserver passwords
> crypted with DES (for example, from a Windows htpasswd replacement)
> but still allow login passwords to all be MD5.
>
> Would using ldconfig to set the system to find a different crypt()
> library before running adduser provide a workaround for this scenario?
>
> To Unsubscribe: send mail to majordomoFreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message 

-- 
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
 Andrew T. Otwell, Network Administrator
 andrewnetworkcomputerz.com, 678.363.8491
 http://www.NetworkComputerz.com
 yank GPG DSS key from hkp://pgpkeys.mit.edu
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message