Subject: Re: crypt(3)
To: Herb Peyerl <email@example.com>
From: Perry E. Metzger <firstname.lastname@example.org>
Date: 11/15/1994 20:18:19
Obviously people have to have the option of using old style
formats. However, I'll point out that crypt(3) is creaking badly. The
cost of simply brute forcing an arbitrary password regardless of how
obscure it happens to be is getting dangerously close to
practicality. MD5, or even better, SHA, is a far safer bet for the
Herb Peyerl says:
> I don't like having to replace the current scheme with anything nor would I
> want to see new-entries be MD5 generated.
> Whenever someone wants an account on one of my machines, they ship me a
> passwd entry... That way their password can remain the same. And vice
> versa. Whenever I get an account on someone else's machine, I ship them
> my password entry.
> I suppose if it was offered as a choice (ie: in the makefile) and the
> default was to read both and generate the current scheme, then I wouldn't
> find too much to object about.