Current-Users archive
Re: Which password cipher ?
On Dec 1, 2010, at 6:14 05AM, Julio Merino wrote:
> On 12/1/10 10:59 AM, Robert Elz wrote:
>> Date: Wed, 1 Dec 2010 09:42:17 +0000
>> From: Julio Merino<jmmv%NetBSD.org@localhost>
>>
>> Message-ID:<AANLkTimY1WcUrXgdObPZzi_jv2ysKV+9esJ46s5CXn=e%mail.gmail.com@localhost>
>>
>> | Which makes me wonder... why do we even *ask* people to choose a
>> | cypher algorithm during install? Couldn't we, as the developers of
>> | the system, make a good choice for our users (and let them change it
>> | after installation if they so wish, just as they can with everything
>> | else)? (It just feels stupid that we have a question in sysinst for
>> | something as trivial as this but we don't have a way to select, e.g.
>> | which services to enable.)
>>
>> It is (of course) because we really want sysinst to encourage setting a
>> root password, and we need to know which cipher to use to set that one with,
>> before it is set. Nothing sysinst does inhibits in any way enabling
>> the various services, but setting a root password with the "wrong" cipher
>> would be annoying.
> "Of course". But really, who cares? Why would you ever have to think about
> what cypher algorithm to use, *specially* during installation? And if you
> want to change it at all after install, you should know how to and,
> therefore, you should know what implications that has and how to deal with
> them.
The simple answer is password file compatibility -- other systems accept the
older formats. Over the years, I've seen many instances where someone will say
"send me your passwd file line". DES is the most compatible; the Blowfish and
md5 methods are used by other open source systems; the HMAC-SHA1 scheme was
developed for NetBSD and doesn't exist elsewhere unless they've picked up our
code.
This isn't to say you're wrong
--Steve Bellovin, http://www.cs.columbia.edu/~smb
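
The compatibility question raised above can be checked before a passwd line is handed to another system. The following is an added example, not part of the original message or of NetBSD's code: it classifies the password field of passwd/master.passwd lines into the four schemes the message names and lists the accounts whose hash the receiving system could not verify. The `$1$`, `$2a$` and `$sha1$` prefixes and the field lengths are the usual crypt(3) conventions, assumed here rather than taken from the message; `classify`, `needs_reset` and `SAMPLE` are hypothetical names.

```python
import re

B64 = r"[./0-9A-Za-z]"  # crypt(3) hash alphabet

# Password-field shapes for the four schemes named in the message (assumed conventions).
SCHEMES = [
    ("des", re.compile(rf"{B64}{{13}}")),
    ("md5", re.compile(rf"\$1\$[^$:]{{1,8}}\${B64}{{22}}")),
    ("blowfish", re.compile(rf"\$2[a-z]?\$(?P<param>\d\d)\${B64}{{53}}")),
    ("hmac-sha1", re.compile(rf"\$sha1\$(?P<param>\d+)\$[^$:]+\${B64}{{28}}")),
]

def classify(hash_field):
    """Return (scheme, cost parameter or None) for one password field."""
    if not hash_field or hash_field.startswith("*"):
        return ("no-hash", None)  # empty or locked account, nothing to verify
    for name, pattern in SCHEMES:
        m = pattern.fullmatch(hash_field)
        if m:
            param = m.groupdict().get("param")
            return (name, int(param) if param else None)
    return ("unknown", None)

def needs_reset(passwd_lines, accepted):
    """List (user, scheme) pairs the receiving system cannot verify.

    `accepted` is the set of scheme names the other system understands.
    """
    out = []
    for line in passwd_lines:
        fields = line.rstrip("\n").split(":")
        if line.startswith("#") or len(fields) < 2:
            continue  # comment or malformed line
        scheme, _ = classify(fields[1])
        if scheme != "no-hash" and scheme not in accepted:
            out.append((fields[0], scheme))
    return out

# Constructed master.passwd-style lines; hash bodies are filler of the
# right length, not real hashes.
TAIL = ":1000:100::0:0:User:/home/user:/bin/sh"
SAMPLE = [
    "alice:" + "ab" + "x" * 11 + TAIL,
    "bob:$1$saltsalt$" + "x" * 22 + TAIL,
    "carol:$2a$04$" + "x" * 53 + TAIL,
    "dave:$sha1$24680$saltsalt$" + "x" * 28 + TAIL,
    "erin:*" + TAIL,
]

if __name__ == "__main__":
    print(needs_reset(SAMPLE, {"des", "md5", "blowfish"}))
```
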