Date:      Mon, 18 Sep 2000 10:24:58 +0300 (EEST)
From:      Evren Yurtesen <yurtesen@ispro.net.tr>
To:        Kris Kennaway <kris@FreeBSD.ORG>
Cc:        "Vladimir B. Grebenschikov" <vova@express.ru>, freebsd-security@FreeBSD.ORG, Brian Feldman <green@FreeBSD.ORG>
Subject:   Re: MD5 passwords vs DES
Message-ID:  <Pine.BSF.4.21.0009181017590.26927-100000@finland.ispro.net.tr>
In-Reply-To: <Pine.BSF.4.21.0009172309080.66732-100000@freefall.freebsd.org>

If you don't mind the side effects, you can try to compile passwd and perl
with /usr/lib/libscrypt.a instead of -lcrypt (which defaults to
/usr/lib/libcrypt.a, which is linked to either the DES or the MD5 library). When you
use libscrypt in your passwd and perl programs, the passwords these
programs generate will be MD5 by default. The side effect of this is that
your users can't change their own passwords if their old password is DES,
since libscrypt doesn't understand DES, and if you have perl scripts which
do a similar action they may fail. But adduser is a perl script itself, so
it would generate MD5 passwords automatically when you add a new user.
For the passwd program it's simple: in its makefile just change the -lcrypt lines
to /usr/lib/libscrypt.a. This should do the job. I am not sure about perl.

Is this a good "temporary" solution for you?

On Sun, 17 Sep 2000, Kris Kennaway wrote:

> On Mon, 18 Sep 2000, Vladimir B. Grebenschikov wrote:
> 
> > 
> > I have a question: 
> > 
> >   Does anybody have ideas to add a 'default crypting mode' for utilities
> > like passwd, adduser, etc.?
> > 
> > I am not very happy to add a new user with adduser, then to manually edit
> > /etc/passwd adding $1$xxx$xx to the password, then launch passwd to change
> > the password for the user. In reality passwd uses the old password as salt for
> > the new password, but if there was no old password or it was '*', the new
> > password is crypted with DES :(
> 
> Brian Feldman wrote code in -current which fixes this by using a login
> capability to specify which format to use for new passwords.
> 
> I'm trying to get him to merge it back to -stable in time for
> 4.1.1. Brian, what's the latest?
> 
> Kris
> 
> --
> In God we Trust -- all others must submit an X.509 certificate.
>     -- Charles Forsythe <forsythe@alum.mit.edu>
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 
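
An added example (not part of the original thread): a shell/awk audit that sorts master.passwd-style entries by hash format, to show which accounts each of the two problems described in the thread would touch. It assumes the `$1$` prefix for MD5 shown in the quoted message and the traditional 13-character DES form; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify password-hash formats in master.passwd-style input.

# Constructed sample entries (the hash fields are made-up strings, not real hashes).
sample_master_passwd() {
    cat <<'EOF'
# name:password:uid:gid:class:change:expire:gecos:home:shell
alice:$1$Xk3pQz9r$AbCdEfGhIjKlMnOpQrStU.:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:abJnggxhB/yJc:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:*:1003:1003::0:0:Carol:/home/carol:/bin/sh
dave::1004:1004::0:0:Dave:/home/dave:/bin/sh
EOF
}

# Read entries on stdin, print "user<TAB>scheme" per account.
#   md5   - field starts with "$1$"
#   none  - empty field, or one starting with "*" (no usable old password)
#   des   - exactly 13 characters from the crypt alphabet ./0-9A-Za-z
#   other - anything else
classify_hashes() {
    awk -F: '
        /^#/ || NF < 2 { next }
        {
            h = $2
            if (substr(h, 1, 3) == "$1$")                s = "md5"
            else if (h == "" || substr(h, 1, 1) == "*")  s = "none"
            else if (length(h) == 13 && h ~ "^[./0-9A-Za-z]+$") s = "des"
            else                                         s = "other"
            printf "%s\t%s\n", $1, s
        }'
}

# Read entries on stdin, print the space-separated users whose scheme is $1.
users_with() {
    classify_hashes | awk -F'\t' -v want="$1" '
        $2 == want { out = out sep $1; sep = " " }
        END { print out }'
}

sample_master_passwd | classify_hashes
# Per the reply above: a libscrypt-linked passwd cannot handle these accounts.
echo "DES accounts: $(sample_master_passwd | users_with des)"
# Per the quoted question: passwd has no old hash to copy the format from here.
echo "No old password: $(sample_master_passwd | users_with none)"
```

On a real system the same functions would read the password database instead of the sample, for example `classify_hashes < /etc/master.passwd` as root.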


