Very Computer

Quote:>OpenBSD can use any of the following formats:

--
-----------------------------------------------------------------------------
Thomas H. Ptacek                                        Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.enteract.com/~tqbf                         "mmm... sacrilicious"

(Note how non-YP and YP ciphers are controlled seperately. This lets
us deal correctly in case the YP server is not capable of handling our
blowfish passwords.  That hack is a bit ugly, I guess, but some people
need that).

#       $OpenBSD: passwd.conf,v 1.6 1997/04/14 22:26:21 provos Exp $
#
# Passwd configuration file
#
# Possible stanzas are:
#       'default', username or .groupname
# Possible options are at the moment:
#       localcipher, ypcipher
# they can take values of
#       old             - old unix style salt of 12bit (YP compatible)
#       newsalt         - DES hash with salt of 64 bit
#       md5             - MD5 hashing algorithm
#       blowfish,x      - Blowfish cipher, 2^x is number of rounds (BEST!)
#                         128 bit salt, 2^4 rounds are min, 2^31 max
#
# EXAMPLE to give members of group .wheel blowfish passwords
#.wheel:
#        localcipher=blowfish,6

default:
        localcipher=blowfish,5
        ypcipher=old

root:
        localcipher=blowfish,7

--

www.OpenBSD.org -- We're fixing security problems so you can sleep at night.
(If it wasn't so fascinating I might get some sleep myself...)

Quote:>(someone correct me if I'm wrong)  I'm fairly certain all UNIX platforms use
>the same scheme by default.  At work, we have seven platforms (including AIX

Neither of these are compatible with traditional Unix DES crypt.

--
-----------------------------------------------------------------------------
Thomas H. Ptacek                                        Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.enteract.com/~tqbf                         "mmm... sacrilicious"

Normal DES
Ancient non-salted DES
FreeBSD-compatible MD5
Our own Blowfish-based bcrypt()

You can configure what password types are used on a user or group basis.

--

www.OpenBSD.org -- We're fixing security problems so you can sleep at night.
(If it wasn't so fascinating I might get some sleep myself...)

|FreeBSD uses an MD5 hashing scheme by default.
|OpenBSD uses a Blowfish scheme.
|
|Neither of these are compatible with traditional Unix DES crypt.

Are any other Unix vendors considering supporting additional password
hashing mechanisms?  Is there likely to be any kind of standard in the
future for non-DES password hashing mechanisms?

--
------------------------------------------------------------------------

Unsolicited bulk or commercial email is not welcome.             netcom.com
No warranty of any kind is provided with this message.

--
     Peter F Curran
     Rensselaer Polytechnic Institute

Use address in Organization line, finger
for PGP key.  Antispaam test in progress.