Date: Sat, 23 Oct 1999 22:50:54 -0400 (EDT) From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> To: vince@venus.GAIANET.NET (Vincent Poy) Cc: cjclark@home.com, FreeBSD-Questions@FreeBSD.ORG Subject: Re: FreeBSD 3.3-RELEASE passwd issue Message-ID: <199910240250.WAA39167@cc942873-a.ewndsr1.nj.home.com> In-Reply-To: <Pine.BSF.4.05.9910231625360.5072-100000@venus.GAIANET.NET> from Vincent Poy at "Oct 23, 1999 04:26:21 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Vincent Poy wrote, > On Sat, 23 Oct 1999, Crist J. Clark wrote: > > > Vincent Poy wrote, > > > On Sat, 23 Oct 1999, Crist J. Clark wrote: > > > > > > > Vincent Poy wrote, > > > > [snip] > > > > > > > > > > Seems for some reason, unless I go into vipw and delete the entire > > > > > password, the passwd program will just write MD5 instead of DES since it > > > > > had the $ before it. > > > > > > > > Oh, yeah. That's a know "gotcha." Once you set the password to one > > > > format, the only way to change it is to go in manually with vipw. > > > > > > > > But to the original problem, those 13 character passwords you said you > > > > originally had, the DES ones, should work fine. > > > > > > Yeah, thanks for fixing the mixup.... But what's the maximum > > > characters allowed for MD5 and DES for passwords? > > > > I believe the maximum number of characters you can type in is 128. > > However, for DES I know only the first 8 characters are > > significant. From a _really_ quick look at crypt_md5() source, it > > looks like it uses 16. Is that right? I am sure MD5 uses more. > > Hmmm, I think MD5 does use more except is there a reason to not > install DES at all? I had a hard time parsing this sentence. Is there a period missing after the "execpt?" MD5 does use more characters. MD5 is unquestionably the more secure option for that reason and others. DES has U.S. export restrictions attached to it (the reason the MD5 password method was developed at all). That's a "reason" for people outside the U.S. not to use it, they cannot get it in the standard FreeBSD distribution. As for whether someone in the US would prefer to or not to use it, the only reason to use DES is for compatibility with other systems that only use DES (e.g. my machines using NIS at the office fall into that category). Other than that, I really don't know of a good reason. -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199910240250.WAA39167>