Date: Wed, 29 Nov 2000 12:26:56 +0100 (CET) From: "O. Hartmann" <ohartman@ipamzlx.physik.uni-mainz.de> To: freebsd-stable@freebsd.org Subject: Password Encryption Problems Message-ID: <Pine.BSF.4.21.0011291214300.60488-100000@ipamzlx.physik.uni-mainz.de>
next in thread | raw e-mail | index | archive | help
Dear Sirs. Sometimes it seems really strange to me what FreeBSD does when encrypting passwords. And as often I asked - there is no sufficient answer which type of encryption, DES or MD5, to use. Well, I swiched my libraries to use libdescrypt instead of libscrypt as described in the manpages and I never user the exclusion of making the default links when building a new system in /etc/make.conf. But I set MAKE IDEA to YES. So, lets explain what's the subject of my question. As I remember myself, MD5 encrypted passwords are typically revealed in passwd by a $ at the beginning of the sequence of encrypted passwords. DES encrypted passwords seems to be really short in comparison to MD5 encrypted passwords. Last week, I installed a new user and its password seems to be definitely encrypted by DES, but today's encrypted passwords seems to be MD5 although I did not change anything and I deleted first via vipw the password field to avoid FreeBSD checking and recognizing that the prior password is MD5 encrypted (I realized, that if there is a password MD5 encrypted and I change encryption libraries in the meanwhile, passwd seems the encrypt the new given password also in MD5, but when deleting the passwordfield or installing a new user when DES is alraedy activated, I get, better I got!, an short DES encrypted password). When I did this and checked the passowrd again, it seemed to be still MD5 encrypted. Why? Has anything changed in FreeBSD in the meanwhile? I use NIS/YP, but it is not completely installed and running, but the server on which I keep all the users and passwords is NIS server, maybe there is the reason located ... or not? In DES I have a password limitation of 8 characters, while FBSD's MD5 allows us 128 characters. But using NIS/YP limits again passwords and login to be limited by 8 characters, so I ask myself what encryption service is the best choice ... Thanks in advance, Oliver - MfG O. Hartmann ------------------------------------------------------------------- ohartman@ipamzlx.physik.uni-mainz.de Klimadatenserver-Abteilung des IPA IT Netz- und Systembetreuung Johannes Gutenberg-Universitaet Mainz Becherweg 21 D-55099 Mainz BRD/Germany Tel: +496131/3924662 FAX: +496131/3923532 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0011291214300.60488-100000>