Subject: Re: passwd encryption algorithm change possible?
To: Mipam <mipam@ibb.net>
From: Andrew Doran <ad@netbsd.org>
List: tech-net
Date: 01/23/2001 21:24:48
[Moving to tech-security]
Mipam <mipam@ibb.net> wrote:
> The passwords for users and root are encrypted with des i believe.
> This is still the case for 1.5 on x86 at least.
> Is it possible to use another algorithm to encrypt the passwords with
> in master.passwd for example?
It's possible in -current using /etc/passwd.conf. At the moment MD5
jiggery-pokery and DES are the only choices.
> What do i need to do to change this, anybody done this before?
> One of the reasons i ask is, des passwords are easily to crack with
> several programs which exist. Openbsd uses blowfish to encrypt
> the passwords i think and makes it a bit harder.
> Do i have to build another lybcrypt to support other algorithms or what
> can i do to make this happen?
Blowfish isn't included. You could pull in the bcrypt() stuff from OpenBSD
(although some people have objections to having two implementations), or use
the implementation in libcrypto (which isn't really feasible).
Andrew