Date: Thu, 29 Aug 1996 12:08:12 -0600 (MDT) From: Brandon Gillespie <brandon@tombstone.sunrem.com> To: hackers@freeBSD.org Subject: 'Backwards' DES support for crypt(), while still using better algo's Message-ID: <Pine.BSF.3.91.960829114926.17349C-100000@tombstone.sunrem.com>
next in thread | raw e-mail | index | archive | help
I'm working on hacking SHA-1 encryption into passwords as '$2$' (suggested by Poul). One thought I had was on systems that have existing passwords with DES, where they may want to use better encryption but they dont because right now it is either all or nothing (? as far as I can tell). What would be nice is to have '$0$' be DES encryption, then we could still support better encryption while also staying functional with older passwords (which you would likely want to just expire and let them re-encrypt), as calling crypt() with a salt which does not have a version on it would simply default to whatever the latest 'version' is, where prepending the version to it would force it to use that encryption. This would also require a change in passwd so it doesnt unintentionally keep using DES or MD5 and just inherently uses the 'latest' version by not specifying the version in it's salt (right now passwd/local_passwd.c implicitly uses '$1$'). -Brandon Gillespie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960829114926.17349C-100000>