Encryption of login passwords--where and how is it done?
Anthony Atkielski
atkielski.anthony at wanadoo.fr
Sat Apr 16 03:31:48 PDT 2005
Where's the actual code that accepts the input of a password and/or
encrypts it? I looked in login.c, but that only seems to call PAM or
something; from that point on, I wasn't sure where to look.
I'm especially interested in knowing how a very long password (up to the
FreeBSD limit of, I think, 128 characters) is hashed and mashed into an
encrypted password, but I'm also generally interested in the whole
process. I'd like to think that a 128-byte password consisting of
random words and special characters would be just as secure as a
shorter, completely random password, but that's only true if FreeBSD is
hashing the entire 128-byte string in some cryptographically secure way
in order to produce an encrypt password that is a function of every bit
of the plaintext password.
--
Anthony
More information about the freebsd-questions
mailing list