Return to BSD News archive
Newsgroups: comp.os.386bsd.questions Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!bunyip.cc.uq.oz.au!munnari.oz.au!ihnp4.ucsd.edu!dog.ee.lbl.gov!agate!tfs.com!usenet From: Poul-Henning Kamp <phk@freebsd.org> Subject: Re: Crypting passwords... Message-ID: <Czy95w.KoC@tfs.com> Sender: usenet@tfs.com Organization: TRW Financial Systems References: <3b7mqb$l2d@sundog.tiac.net> <3b7spg$qtu@sol.ctr.columbia.edu> Date: Sun, 27 Nov 1994 23:27:32 GMT Lines: 23 wpaul@ctr.columbia.edu (Bill Paul) wrote: > > Daring to challenge the will of the almighty Leviam00se, Brian McGovern (mcgovern@spoon.beta.com) had the courage to say: > : I've been having an interesting problem under FreeBSD 1.1.5.1 trying to > : crypt passwords. After mulling through the code for passwd, it looks > : like the way passwords are encrypted is something like this: > > : crypted_password = crypt(ClearTextPassword, ClearTextPassword); > > No, not quite. It's more like this: > > crypted_password = crypt(ClearTextPassword, TwoCharacterSalt); I'd like to point out that FreeBSD-2.0 does not ship with the usual DES-based encryption. Instead it uses a MD5 based encryption, which is much harder to crack, and which require a significant share of the atoms in the universe, if you want to do a dictionary attack. This is all transparent, if you do not depend on the crypted result to be only 13 characters long. Poul-Henning Kamp FreeBSD core-team