From owner-freebsd-security Wed Jul 7 17: 5:54 1999
Delivered-To: freebsd-security@freebsd.org
Received: from adelphi.physics.adelaide.edu.au (adelphi.physics.adelaide.edu.au [129.127.36.247])
	by hub.freebsd.org (Postfix) with ESMTP id D7E17154D2;
	Wed, 7 Jul 1999 17:05:34 -0700 (PDT)
	(envelope-from kkennawa@physics.adelaide.edu.au)
Received: from bragg (bragg [129.127.36.34])
	by adelphi.physics.adelaide.edu.au (8.8.8/8.8.8/UofA-1.5) with SMTP id JAA24352;
	Thu, 8 Jul 1999 09:35:33 +0930 (CST)
Received: from localhost by bragg; (5.65/1.1.8.2/05Aug95-0227PM) id AA10637;
	Thu, 8 Jul 1999 09:35:29 +0930
Date: Thu, 8 Jul 1999 09:35:29 +0930 (CST)
From: Kris Kennaway
X-Sender: kkennawa@bragg
To: Eivind Eklund
Cc: Peter Wemm, security@freebsd.org
Subject: Re: Improved libcrypt ready for testing
In-Reply-To: <19990707172115.D44021@bitbox.follo.net>
Message-Id:
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 7 Jul 1999, Eivind Eklund wrote:

> If we want to support protocol-embedded authentication data properly,
> we need at least the ability to store several different types of
> hashes for each user in the password file, and the ability to store
> clear-text passwords.

Storing cleartext passwords is easy enough - just define a minimal hash
function which base64's the plaintext, and a null salt function. I'll have to
think about how multiple password hashes could best be implemented - any
suggestions?

> We should also, IMO, be switching our default password file format to
> SRP or similar - something that allows challenges against it without
> being the cleartext.

I have the SRP reference implementation working at home - it requires
changes to clients, though. This would probably best be integrated with a
PAM module talking to the crypt backend (such a beast exists already, but
I haven't tested it).

Kris

-----
"Never criticize anybody until you have walked a mile in their shoes,
because by that time you will be a mile away and have their shoes."
    -- Unknown