Subject: Re: PEOPLE WITHOUT CRYPT(), BEWARE!!!
To: None <current-users@NetBSD.ORG>
From: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
Date: 02/20/1995 14:31:28
> Since password encryption uses no decryption, the new version will
> work fine for passwords.
Assuming you consider DES-based hashing strong enough to call it "work
fine", of course. I don't, even with the NetBSD (or are they 4.4?)
improvements; IMO the only excuse for using it is compatability with
binary-only (other-)vendor code that insists on it (eg, for NIS-based
password database sharing).
Of course, cynics will remark that this is just because I've written
non-DES-based password hashing code. They're not entirely wrong :-),
but I don't think they're entirely right either.