Date: Thu, 29 Aug 1996 13:06:48 -0600 (MDT) From: Nate Williams <nate@mt.sri.com> To: Brandon Gillespie <brandon@tombstone.sunrem.com> Cc: Nate Williams <nate@mt.sri.com>, hackers@freebsd.org Subject: Re: 'Backwards' DES support for crypt(), while still using better algo's Message-ID: <199608291906.NAA07417@rocky.mt.sri.com> In-Reply-To: <Pine.BSF.3.91.960829125653.17590A-100000@tombstone.sunrem.com> References: <199608291855.MAA07380@rocky.mt.sri.com> <Pine.BSF.3.91.960829125653.17590A-100000@tombstone.sunrem.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > If you install the secure dist (DES) converting to/from FreeBSD's format > > is trivial, and by changing it you are asking for trouble. > > Sorry, I was not very clear :) What I'm suggesting is something different > from the secure distribution which gives you 'DES capability' while still > also having the capability of different encryption algorythms. It would > do this with a DES version '$0$' which would hook the encryption into DES > encrypt, where '$1$' would still hook into MD5 and '$2$' would hook into > SHA-1 (my code for crypt hooks into MD5/SHA-1 already, based off which > version you pass it in the salt), and not placing a version in the salt > would hook into the 'default' that crypt is using. This leaves it up to > crypt() to handle the default version, when newer and better algorythms > are added--without having to change passwd and all other relevant > programs. Except that this new password file is now FreeBSD-centric, and can't be shared with any other system. Simply adding a new 'token' for the SHA-1 stuff would be fine, but by changing what DES looks like is asking for trouble. Nate
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608291906.NAA07417>