Subject: Re: crypt(3)
To: Herb Peyerl <>
From: Michael Graff <>
List: current-users
Date: 11/16/1994 00:41:12
>Whenever someone wants an account on one of my machines, they ship me a
>passwd entry... That way their password can remain the same.  And vice
>versa. Whenever I get an account on someone else's machine, I ship them
>my password entry.

So, not only do you break the ``use different passwords on different machines''
rule, you also expect all crypt()'s to be identical?  There are other
password schemes out there (Kerberos) which also break the ``standard''
password entries.  Besides, what does a program need to look at the raw
password entry for anyhow?  The salt argument to crypt() could flag a MD5
vs. non-MD5 entry.  There is a limited alphabet allowed as a seed.  Use
something illegal to the DES crypt to flag a MD5 entry.

I would much prefer using MD5 for passwords.  I'm not so certain the method
posted here earlier is the best, but I believe MD5 to be much more secure
than the standard old DES.


Michael Graff <>       NetBSD is the way to go!
PGP key on a key-server near you!         Rayshade the world!