Subject: Re: crypt(3)
To: Michael Graff <explorer@vorpal.com>
From: Greg A. Woods <woods@kuma.web.net>
List: current-users
Date: 11/16/1994 11:37:20
[ On Wed, November 16, 1994 at 00:41:12 (-0600), Michael Graff wrote: ]
> Subject: Re: crypt(3) 
>
> So, not only do you break the ``use different passwords on different machines''
> rule, you also expect all crypt()'s to be identical?  There are other
> password schemes out there (Kerberos) which also break the ``standard''
> password entries.  Besides, what does a program need to look at the raw

*Every* unix variant I've encountered (out of literally hundreds),
except for two, or three (two being AIX variants) can share password
file entries.

> password entry for anyhow?  The salt argument to crypt() could flag a MD5
> vs. non-MD5 entry.  There is a limited alphabet allowed as a seed.  Use
> something illegal to the DES crypt to flag a MD5 entry.

True enough.

> I would much prefer using MD5 for passwords.  I'm not so certain the method
> posted here earlier is the best, but I believe MD5 to be much more secure
> than the standard old DES.

As was mentioned before, if you need something that secure, you've other
problems to worry about.  Keep the encrypted string secure, and you
reduce your trust requirements to your admin staff.

-- 
						Greg A. Woods

+1 416 443-1734			VE3TCP		robohack!woods
Planix, Inc. <woods@planix.com>; UniForum Canada <woods@uniforum.ca>
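
The salt-flagging idea quoted above, sketched as an added example that is not part of the original message or of any crypt(3) implementation: a stored entry is classified by whether it begins with a character that is illegal in a DES salt. The `$` flag character, the `$1$` MD5 marker, and the names `classify_entry` and `enum scheme` are assumptions of this example; the sample fields are constructed.

```c
#include <stdio.h>
#include <string.h>

/* The 64 characters traditional DES crypt(3) uses for salt and hash. */
static const char DES_ALPHABET[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

enum scheme { SCHEME_DES, SCHEME_MD5, SCHEME_UNKNOWN_FLAG, SCHEME_INVALID };

/* Assumption: '$' is the flag character and "$1$" marks MD5, the
 * convention later MD5 crypt implementations use; not from the thread. */
enum scheme classify_entry(const char *field)
{
    size_t len;

    if (field == NULL)
        return SCHEME_INVALID;
    len = strlen(field);

    if (field[0] == '$') {              /* illegal as a DES salt: a flag */
        const char *end = strchr(field + 1, '$');
        if (end == NULL || end == field + 1)
            return SCHEME_INVALID;      /* no scheme id between the '$'s */
        if (end - field == 2 && field[1] == '1')
            return SCHEME_MD5;
        return SCHEME_UNKNOWN_FLAG;     /* flagged, but not a scheme we know */
    }

    /* Traditional entry: 2 salt + 11 hash characters, all in the alphabet. */
    if (len == 13 && strspn(field, DES_ALPHABET) == 13)
        return SCHEME_DES;

    return SCHEME_INVALID;              /* "*", "", truncated entries, ... */
}

int main(void)
{
    /* Constructed sample fields, not real password hashes. */
    const char *samples[] = { "ab01234567890", "$1$saltsalt$hashhashhashhashhash12",
                              "$9$x$y", "*", "ab0123456789!" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-36s -> %d\n", samples[i], (int)classify_entry(samples[i]));
    return 0;
}
```

Entries that are neither a well-formed DES string nor a recognised flag come back as invalid or unknown, so a login path built on this can refuse them instead of passing them to the DES routine.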