From owner-freebsd-security Sun Feb 16 09:45:40 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id JAA14847 for security-outgoing; Sun, 16 Feb 1997 09:45:40 -0800 (PST) Received: from ocean.campus.luth.se (ocean.campus.luth.se [130.240.194.116]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA14842 for ; Sun, 16 Feb 1997 09:45:33 -0800 (PST) Received: (from karpen@localhost) by ocean.campus.luth.se (8.7.5/8.7.3) id SAA12172; Sun, 16 Feb 1997 18:47:21 +0100 (MET) From: Mikael Karpberg Message-Id: <199702161747.SAA12172@ocean.campus.luth.se> Subject: Re: blowfish passwords in FreeBSD To: brandon@cold.org (Brandon Gillespie) Date: Sun, 16 Feb 1997 18:47:20 +0100 (MET) Cc: security@freebsd.org In-Reply-To: from Brandon Gillespie at "Feb 14, 97 01:48:14 pm" X-Mailer: ELM [version 2.4ME+ PL22 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk According to Brandon Gillespie: > > I have your scheme commit-ready now. It looks like we'll have too merge > > in this as well. > > Actually, I'd like to also submit a patch for 'passwd' that reads > something like /etc/passwd.conf for a 'preference', where the file simply > contains 'best' 'DES' or a $x$ prefix. If it is 'best' it'll use the > best/latest algorithm, DES is obvious, otherwise it just prefixes the > '$x$' string in the file to the salt. I'd like this because for me, I > have many older DES passwords from upgrades, and I'd like to migrate to > better passwords but right now if DES exists as an option, it is always > given encryption preference in 'passwd'.. At least some of that seems like a great idea. I mean... Why not have the fields use $name$salt$passwd$ ? Where name is the name of the encryption used? $1$ really says nothing. And then you would never have the problem with different OSes having different numbering. the name stays the same, right? bfish, des, md5, etc... Sure, to be backward compatible after changing, you could just make "1" alias for "md5" and "2" alias for "bfish", but that's no biggie. And it could be solved with symlinks for this idea: How about having dynamically linked crypt routines, that follow some API, and are loaded by name? Like.... Umm... have /etc/crypt/ contain maybe a settings file, and then also some .so files, that are loaded when needed and then kept in memory. Normally you could have /etc/crypt/md5.so and maybe /etc/crypt/des.so, if you add the des package. Also you would have symlink 1.so -> md5.so, and it would be quite easy if you, for example, had a file with blowfish passwords from OpenBSD that you wanted to use. Just do: "cd /etc/crypt/ ; cp ..../blowfish.so blowfish.so ; ln -s blowfish.so 2.so" Then copy the passwd file, and make the .db files, and it Just Works. If loading the .so file set in $name$ field failed, crypt could just return a string like "****************", which is not likely to match anything, or simply return NULL. Maybe not a completely thought through idea, but... would something like it work? /Mikael