Date:      Thu, 8 Jul 1999 09:35:29 +0930 (CST)
From:      Kris Kennaway <kkennawa@physics.adelaide.edu.au>
To:        Eivind Eklund <eivind@freebsd.org>
Cc:        Peter Wemm <peter@netplex.com.au>, security@freebsd.org
Subject:   Re: Improved libcrypt ready for testing
Message-ID:  <Pine.OSF.4.10.9907080928090.20360-100000@bragg>
In-Reply-To: <19990707172115.D44021@bitbox.follo.net>

On Wed, 7 Jul 1999, Eivind Eklund wrote:

> If we want to support protocol-embedded authentication data properly,
> we need at least the ability to store several different types of
> hashes for each user in the password file, and the ability to store
> clear-text passwords.

Storing cleartext passwords is easy enough - just define a minimal hash
function which base64's the plaintext, and a null salt function.

I'll have to think about how multiple password hashes could best be
implemented - any suggestions?

> We should also, IMO, be switching our default password file format to
> SRP or similar - something that allows challenges against it without
> being the cleartext.

I have the SRP reference implementation working at home - it requires changes
to clients, though. This would probably best be integrated with a PAM module
talking to the crypt backend (such a beast exists already, but I haven't
tested it).

Kris

-----
"Never criticize anybody until you have walked a mile in their shoes,
because by that time you will be a mile away and have their shoes."
    -- Unknown
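
Added example (not part of the message above and not FreeBSD libcrypt code): a sketch of the cleartext scheme the reply describes, with a null salt function and a "hash" that only base64-encodes the plaintext. The `struct scheme` interface, the `$plain$` prefix, the standard base64 alphabet and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
struct scheme {                 /* hypothetical plug-in interface */
    const char *prefix;
    void (*mksalt)(char *salt, size_t len);
    int (*hash)(const char *pw, const char *salt, char *out, size_t len);
};
static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/* Null salt function: a reversible encoding has nothing to salt. */
static void null_salt(char *salt, size_t len) { if (len) salt[0] = '\0'; }
/* "Hash" that only base64-encodes the plaintext; -1 if out is too small. */
static int b64_hash(const char *pw, const char *salt, char *out, size_t len) {
    size_t n = strlen(pw), i, o = 0;
    (void)salt;
    if (4 * ((n + 2) / 3) + 1 > len) return -1;
    for (i = 0; i < n; i += 3) {
        unsigned long v = (unsigned long)(unsigned char)pw[i] << 16;
        if (i + 1 < n) v |= (unsigned long)(unsigned char)pw[i + 1] << 8;
        if (i + 2 < n) v |= (unsigned char)pw[i + 2];
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = (i + 1 < n) ? B64[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < n) ? B64[v & 63] : '=';
    }
    out[o] = '\0';
    return 0;
}
static const struct scheme PLAIN = { "$plain$", null_salt, b64_hash }; /* assumed prefix */

/* Write "<prefix><encoded>" into out; 0 on success, -1 if it does not fit. */
int make_entry(const char *pw, char *out, size_t len) {
    char salt[1];
    size_t p = strlen(PLAIN.prefix);
    if (len <= p) return -1;
    PLAIN.mksalt(salt, sizeof salt);
    memcpy(out, PLAIN.prefix, p);
    return PLAIN.hash(pw, salt, out + p, len - p);
}

/* Re-encode the candidate and compare with no early exit; 1 on match. */
int check_entry(const char *stored, const char *pw) {
    char buf[256];
    size_t i, n = strlen(stored);
    unsigned char diff = 0;
    if (make_entry(pw, buf, sizeof buf) != 0 || strlen(buf) != n) return 0;
    for (i = 0; i < n; i++) diff |= (unsigned char)(stored[i] ^ buf[i]);
    return diff == 0;
}
```

Because the encoding is reversible, a password file holding such entries needs the same protection as the passwords themselves.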


