*BSD News Article 38506



Newsgroups: comp.os.386bsd.questions
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!bunyip.cc.uq.oz.au!munnari.oz.au!ihnp4.ucsd.edu!dog.ee.lbl.gov!agate!tfs.com!usenet
From: Poul-Henning Kamp <phk@freebsd.org>
Subject: Re: Crypting passwords...
Message-ID: <Czy95w.KoC@tfs.com>
Sender: usenet@tfs.com
Organization: TRW Financial Systems
References: <3b7mqb$l2d@sundog.tiac.net> <3b7spg$qtu@sol.ctr.columbia.edu>
Date: Sun, 27 Nov 1994 23:27:32 GMT
Lines: 23

wpaul@ctr.columbia.edu (Bill Paul) wrote:
>
> Daring to challenge the will of the almighty Leviam00se, Brian McGovern (mcgovern@spoon.beta.com) had the courage to say:
> : I've been having an interesting problem under FreeBSD 1.1.5.1 trying to
> : crypt passwords. After mulling through the code for passwd, it looks
> : like the way passwords are encrypted is something like this:
> 
> : crypted_password = crypt(ClearTextPassword, ClearTextPassword);
> 
> No, not quite. It's more like this:
> 
> crypted_password = crypt(ClearTextPassword, TwoCharacterSalt);


I'd like to point out that FreeBSD-2.0 does not ship with the usual
DES-based encryption.  Instead it uses an MD5-based encryption, which
is much harder to crack, and which requires a significant share of the
atoms in the universe, if you want to do a dictionary attack.  This
is all transparent, if you do not depend on the crypted result to be
only 13 characters long.

Poul-Henning Kamp
FreeBSD core-team
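
An added example, not part of the original post or of FreeBSD's source: a C sketch of handling stored password fields without depending on the 13-character length the post warns about. The function names and sample strings are hypothetical, and the `$1$salt$hash` layout it checks is the format of FreeBSD's MD5 crypt output, which the post itself does not spell out.

```c
#include <stddef.h>
#include <string.h>

/* Alphabet used for salt and hash characters in both formats. */
static const char ALPHABET[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Constructed samples: correct shape only, not real digests. */
static const char SAMPLE_DES[] = "abJnggxhB/yJU";
static const char SAMPLE_MD5[] = "$1$saltsalt$AbCdEfGhIjKlMnOpQrStU.";

enum crypt_scheme { CRYPT_UNKNOWN, CRYPT_DES, CRYPT_MD5 };

/* Classify a stored password field (hypothetical helper). On success
 * *salt_len is the length of the prefix crypt(3) reads as its salt. */
enum crypt_scheme classify_crypt(const char *field, size_t *salt_len)
{
    *salt_len = 0;
    if (strncmp(field, "$1$", 3) == 0) {
        /* Salt: 1..8 alphabet chars closed by '$' (stricter than crypt). */
        size_t s = strspn(field + 3, ALPHABET);
        if (s < 1 || s > 8 || field[3 + s] != '$')
            return CRYPT_UNKNOWN;
        const char *hash = field + 3 + s + 1;
        if (strlen(hash) != 22 || strspn(hash, ALPHABET) != 22)
            return CRYPT_UNKNOWN;
        *salt_len = 3 + s;
        return CRYPT_MD5;
    }
    /* Traditional DES: 2 salt characters + 11 hash characters. */
    if (strlen(field) == 13 && strspn(field, ALPHABET) == 13) {
        *salt_len = 2;
        return CRYPT_DES;
    }
    return CRYPT_UNKNOWN;
}

/* Copy a hash into a caller buffer, refusing to truncate. A char[14]
 * sized for DES output fails here for an MD5 field instead of silently
 * storing a shortened hash that can never match again. */
int store_hash(char *dst, size_t dst_size, const char *field)
{
    size_t n = strlen(field);
    if (n + 1 > dst_size)
        return -1;
    memcpy(dst, field, n + 1);
    return 0;
}
```

When verifying a login, passing the whole stored field as the second argument to `crypt()` lets the library pick the scheme from the prefix, so the caller never needs to hard-code either length.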