From owner-freebsd-questions@FreeBSD.ORG Sat Apr 16 20:44:10 2005
Date: Sat, 16 Apr 2005 13:43:48 -0700 (PDT)
From: Mikko Työläjärvi
To: freebsd-questions@freebsd.org
Subject: Re: Encryption of login passwords--where and how is it done?
Message-ID: <20050416134035.H34987@sotec.home>
In-Reply-To: <1197988274.20050416123145@wanadoo.fr>

On Sat, 16 Apr 2005, Anthony Atkielski wrote:

> Where's the actual code that accepts the input of a password and/or
> encrypts it?  I looked in login.c, but that only seems to call PAM or
> something; from that point on, I wasn't sure where to look.

Start with crypt(3).

> I'm especially interested in knowing how a very long password (up to the
> FreeBSD limit of, I think, 128 characters) is hashed and mashed into an
> encrypted password, but I'm also generally interested in the whole
> process.
> I'd like to think that a 128-byte password consisting of
> random words and special characters would be just as secure as a
> shorter, completely random password, but that's only true if FreeBSD is
> hashing the entire 128-byte string in some cryptographically secure way
> in order to produce an encrypted password that is a function of every bit
> of the plaintext password.

Look in /usr/src/lib/libcrypt/.  The MD5 password hashing scheme is
found in crypt-md5.c (the whole password is being used, btw).

    $.02,
    /Mikko
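
The point made in the reply above (the MD5 scheme consumes the whole password) can be checked directly. The following is an added example, not part of the original message and not FreeBSD's code: a Python re-implementation of the `$1$` MD5 password scheme that crypt-md5.c implements, plus a check that changing any single byte of a 128-byte password changes the hash. The names `md5_crypt`, `positions_ignored` and `SAMPLE`, the sample passphrase and the salt are assumptions made for this illustration.

```python
import hashlib

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _to64(value, count):
    """Encode `count` 6-bit groups of `value`, least significant first."""
    out = ""
    for _ in range(count):
        out += ITOA64[value & 0x3F]
        value >>= 6
    return out

def md5_crypt(password: bytes, salt: bytes) -> str:
    """Re-implementation of the "$1$" scheme (ASCII salt, at most 8 bytes)."""
    salt = salt[:8]
    alt = hashlib.md5(password + salt + password).digest()
    ctx = hashlib.md5(password + b"$1$" + salt)
    for remaining in range(len(password), 0, -16):  # covers the full length
        ctx.update(alt[:min(16, remaining)])
    n = len(password)
    while n:                                        # one byte per length bit
        ctx.update(b"\x00" if n & 1 else password[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):                           # stretching rounds
        h = hashlib.md5()
        h.update(password if i & 1 else final)
        if i % 3:
            h.update(salt)
        if i % 7:
            h.update(password)
        h.update(final if i & 1 else password)
        final = h.digest()
    order = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    body = "".join(_to64(final[a] << 16 | final[b] << 8 | final[c], 4)
                   for a, b, c in order)
    return "$1$" + salt.decode("ascii") + "$" + body + _to64(final[11], 2)

def positions_ignored(password: bytes, salt: bytes) -> list:
    """Return the byte offsets whose modification leaves the hash unchanged."""
    base = md5_crypt(password, salt)
    ignored = []
    for pos in range(len(password)):
        changed = password[:pos] + bytes([password[pos] ^ 1]) + password[pos + 1:]
        if md5_crypt(changed, salt) == base:
            ignored.append(pos)
    return ignored

# Constructed sample input: a 128-byte passphrase and a fixed salt.
SAMPLE = (b"correct horse battery staple! " * 5)[:128]
if __name__ == "__main__":
    print(md5_crypt(SAMPLE, b"saltsalt"))
    print("ignored offsets:", positions_ignored(SAMPLE, b"saltsalt"))
```

An empty list from `positions_ignored` means no byte of the 128-byte input was dropped before hashing.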