Date: Wed, 7 Jul 1999 17:21:15 +0200 From: Eivind Eklund <eivind@FreeBSD.ORG> To: Peter Wemm <peter@netplex.com.au> Cc: Kris Kennaway <kkennawa@physics.adelaide.edu.au>, security@FreeBSD.ORG Subject: Re: Improved libcrypt ready for testing Message-ID: <19990707172115.D44021@bitbox.follo.net> In-Reply-To: <19990706175814.3A9CE78@overcee.netplex.com.au>; from Peter Wemm on Wed, Jul 07, 1999 at 01:58:14AM %2B0800 References: <Pine.OSF.4.10.9907062308350.13993-100000@bragg> <19990706175814.3A9CE78@overcee.netplex.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 07, 1999 at 01:58:14AM +0800, Peter Wemm wrote: > Kris Kennaway wrote: > > On Tue, 6 Jul 1999, Peter Wemm wrote: > > > > > I'd strongly suggest encoding the number of rounds as well, ie: > > > $token$salt$rounds$password > > > > For the two algorithms which currently support variable rounds, it's > > already encoded into the password: > > > > $Blowfish$xy$<salt><password> following the OpenBSD format (xy = log2 rounds) > , > > and > > > > _<rounds><salt><password> for New-DES. (<rounds> encoded as a base-64 binary > > value). > > Say... you wouldn't like to impliment an NT-style password hash, would you? > *NOT* the LAN-Manager (LAN-damager?) hash with the 2 chunks of 7 characters > weak method that gets decoded in what seems like seconds according to > bugtraq. The NT hash is 128 character etc. It's also unicode and not case > sensitive, but that shouldn't be a problem to implement. > > The reason I ask is that there are a number of protocols that have this > embedded in it, including PPP's MS-CHAP and SMB. If we want to support protocol-embedded authentication data properly, we need at least the ability to store several different types of hashes for each user in the password file, and the ability to store clear-text passwords. We should also, IMO, be switching our default password file format to SRP or similar - something that allow challenges against it without being the cleartext. Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990707172115.D44021>