Encryption of login passwords--where and how is it done?

Mikko Työläjärvi mbsd at pacbell.net
Sat Apr 16 13:44:10 PDT 2005

On Sat, 16 Apr 2005, Anthony Atkielski wrote:

> Where's the actual code that accepts the input of a password and/or
> encrypts it?  I looked in login.c, but that only seems to call PAM or
> something; from that point on, I wasn't sure where to look.

Start with crypt(3).

> I'm especially interested in knowing how a very long password (up to the
> FreeBSD limit of, I think, 128 characters) is hashed and mashed into an
> encrypted password, but I'm also generally interested in the whole
> process.  I'd like to think that a 128-byte password consisting of
> random words and special characters would be just as secure as a
> shorter, completely random password, but that's only true if FreeBSD is
> hashing the entire 128-byte string in some cryptographically secure way
> in order to produce an encrypt password that is a function of every bit
> of the plaintext password.

Look in /usr/src/lib/libcrypt/.  The MD5 password hashing scheme is
found in crypt-md5.c (the whole password is being used, btw).


More information about the freebsd-questions mailing list