Re: [Lug-Nuts] glibc questions in slink: crypt, linux threads

From: Brian Lavender (brian@brie.com)
Date: Thu Oct 21 1999 - 22:47:50 PDT


On Thu, Oct 21, 1999 at 10:30:40PM -0700, Mike Machado wrote:
> On Thu, 21 Oct 1999, Brian Lavender wrote:
>
> > As I understand, Debian slink comes with MD5 crypt because of export
> > restrictions.
>
> To respond to this part of the message, MD5 os way more secure than DES.
> It looks like a lot of systems are moving to MD5. Heck, cisco has been
> using it for years. I would reccomend using it instead of DES. I have a
> crypt library that will detect if the pass was crypted using MD5 or DES
> and authenticate someone based on that if you want it. I also modified
> the MD5 perl module to be able to generate MD5 shadow entries which is
> useful for password changeing programs in perl.

>From the results of my experiment of rebuilding glibc, it seems that I
rebuilt what was already there (Reinvented the wheel. DOH!). It looks
as if the crypt is already there on the one of my two debian installs
which I did not rebuild glibc. The crypt program I compiled produced the
same results. I don't know if I was short sighted in my test program,
but I was under the impression that most linux distros shipped a weak
crypt because of export restrictions, and they did not want to get caught
in a tangle. Am I correct to conclude that the crypt (I guess I should
say crypt) is perfectly fine with its existing setup?

Any more comments?

I assume shadow passwords provides good security. I just thought that
the current password setup on current systems was more easily crackable
than what was available because of export restrictions.

>
> I want to have a real crypt so I went to a german ftp
> > server, found glibc 2.0.7 source and I downloaded it. Of course the real
> > crypt is in a separate tar file. I downloaded that too and unpacked it
> > in the glibc source tree I read the faq as far as compiling glibc and
> > it said to do a configure like
> >
> > ./configure --enable-add-ons=crypt,linuxthreads

BTW, this is what I used in the end with configure. The readme warns that
a bad or incompatible glibc will break your system. I got the same version
as the original and added the add-ons

$ ./configure --enable-add-ons=crypt,linuxthreads --prefix=/usr

> >
> > What I am wondering is, is glibc on slink compiled in with linux threads? It
> > seems as if there are issues either way and that I probably ought to
> > go with it if it was compiled in originally.
> >
> > I am supposing that I can do the above configure and the following steps, and I should have glibc with crypt
> >
> > make
> > su
> > make install
> >
> > Here is the ftp site where I got crypt for glibc.
> >
> > ftp://ftp.gwdg.de/pub/linux/glibc/2.0.7pre6
> >
> > brian
> > --
> > Brian Lavender
> > http://www.brie.com/brian/
> >
>
> Mike Machado
> mike@innercite.com
> InnerCite
> Network Specialist

-- 
Brian Lavender
http://www.brie.com/brian/



This archive was generated by hypermail 2b29 : Fri Feb 25 2000 - 14:29:07 PST