On Thu, Oct 21, 1999 at 10:56:23PM -0700, Mike Machado wrote:
> tatus: RO
> Content-Length: 3341
> Lines: 89
>
> On Thu, 21 Oct 1999, Brian Lavender wrote:
>
> > On Thu, Oct 21, 1999 at 10:30:40PM -0700, Mike Machado wrote:
> > > On Thu, 21 Oct 1999, Brian Lavender wrote:
> > >
> > > > As I understand, Debian slink comes with MD5 crypt because of export
> > > > restrictions.
> > >
> > > To respond to this part of the message, MD5 os way more secure than DES.
> > > It looks like a lot of systems are moving to MD5. Heck, cisco has been
> > > using it for years. I would reccomend using it instead of DES. I have a
> > > crypt library that will detect if the pass was crypted using MD5 or DES
> > > and authenticate someone based on that if you want it. I also modified
> > > the MD5 perl module to be able to generate MD5 shadow entries which is
> > > useful for password changeing programs in perl.
> >
> > >From the results of my experiment of rebuilding glibc, it seems that I
> > rebuilt what was already there (Reinvented the wheel. DOH!). It looks
> > as if the crypt is already there on the one of my two debian installs
> > which I did not rebuild glibc. The crypt program I compiled produced the
> > same results. I don't know if I was short sighted in my test program,
> > but I was under the impression that most linux distros shipped a weak
> > crypt because of export restrictions, and they did not want to get caught
> > in a tangle. Am I correct to conclude that the crypt (I guess I should
> > say crypt) is perfectly fine with its existing setup?
> >
> > Any more comments?
> >
> > I assume shadow passwords provides good security. I just thought that
> > the current password setup on current systems was more easily crackable
> > than what was available because of export restrictions.
> >
>
>
> Wanna see something cool? If you really have MD5 crpyt, chanage that C
> program you posted to use a salt of $1$abcde$ and see what the output is.
> The crypt code looks for the $1$ to determine if it should do regular DES
> or MD5.
How do I know that that is cool :)
I couldn't tell if it was using DES or MD5. I guess I will just
have to take your word for it. Anyway, I am now offf to install
the MD5 perl module.
This archive was generated by hypermail 2b29 : Fri Feb 25 2000 - 14:29:07 PST