Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.cs.su.oz.au!inferno.mpx.com.au!news.unimelb.EDU.AU!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!hunter.premier.net!news.mathworks.com!fu-berlin.de!irz401!orion.sax.de!uriah.heep!news From: j@uriah.heep.sax.de (J Wunsch) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: shrinking pw fields? Date: 25 Oct 1996 22:21:30 GMT Organization: Private BSD site, Dresden Lines: 41 Message-ID: <54reha$9ta@uriah.heep.sax.de> References: <54pbec$g7v@raven.cc.ukans.edu> Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) NNTP-Posting-Host: localhost.heep.sax.de Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Newsreader: knews 0.9.6 X-Phone: +49-351-2012 669 X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E conley@eecs.ukans.edu (Dennis R. Conley) wrote: > I noticed today that some of the password fields in master.passwd > were quite long ( ~35 ) and resembled md5 output. Others were the > familiar ol' des-ish type of length 13. I found it curious that more > recently created logins always got the "short" version, and that I > could never change "short" to "long" ( or vice versa ). :) > So why are there two different types, and what determines which type > is used? You have apparently installed the DES package sometimes later (maybe accidentally?). The short passwords are DES, the longer are indeed MD5 -- only with a short $1$ prefix so the can easily be disting- uished. The crypt() routine inside the DES library uses this $1$ flag to find out whether it should hand over the actual encryption to the MD5-based routine, or handle it using DES. Thus, you don't run into troubles and your old passwords remained valid. Right now, it's a one-way street (i think). The crypt routine will always generate DES passwords unless being faced with what looks like an MD5-crypted one. The reason for having both available is that DES is not exportable from the US, due to some braindamaged policy of your government. Meanwhile, the MD5 encryption (which is exportable since it can only be used for authentication purposes) is believed to be stronger anyway, and it's how the system is shipping by default. However, DES is still required e.g. for people sharing passwords via NIS. Btw., there's also an internation DES distribution available for people outside the US. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)