Date: Wed, 07 Apr 1999 16:46:46 +0800 From: adrian@freebsd.org To: Anders Andersson <anders@sanyusan.se> Cc: freebsd-current@freebsd.org Subject: Re: DES from source? Message-ID: <19990407084647.29003.qmail@ewok.creative.net.au> In-Reply-To: Your message of "Wed, 07 Apr 1999 10:51:26 %2B0200." <19990407105126.A6886@sanyusan.se>
next in thread | previous in thread | raw e-mail | index | archive | help
Anders Andersson writes: >* Dag-Erling Smorgrav (des@flood.ping.uio.no) [990403 17:33]: > >> Existing MD5 passwords will still work. New users will get DES >> passwords. > >Thanks, but how do I get all my "old" users to use DES crypted passwords? Well, the short answer is 'you get them to change their password' . Which is true - you can't take an MD5 hash and turn it into a DES crypt, you'll need their cleartext password first. There are ways of achieving this in a large extent without their knowledge - firstly run crack, see what cleartext passwords you get. That is the easiest. My favourite though is to modify a daemon that uses cleartext authentication (say login, or the pop3 server you're using) to log sucessful attempts to a file which you can then troll for people's cleartext passwords, convert them to DES, and then only ask the few people left for a new password. >Maybe I just should purify my network to loose those DES boxes and run >FreeBSD md5 native only, that would be more secure and faster right? It depends entirely on the setup. I run DES purely because I have solaris and Digital UNIX boxen running DES. >Not necessary at all to use the crypt and secure dirs in /usr/src right? >If you dont need DES crypt that is, or is there any other advantage? > >I hope not, because then I will be happy and do no more cvsup to >cvsup.internat.freebsd.org :-) If you need DES then you'll have to get the sources from a non-US site. Adrian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990407084647.29003.qmail>