md5/des ?
Matthew Seaman
m.seaman at infracaninophile.co.uk
Wed Nov 12 06:52:29 PST 2003
On Wed, Nov 12, 2003 at 01:23:35PM +0200, Oles Hnatkevych wrote:
> /usr/bin/passwd does my passwords MD5 encrypted (accordingly to /etc/login.conf)
> But /usr/sbin/adduser creates users with DES encrypted passwords.
> How do I make it use MD5 instead of DES? Seems like it's perls crypt()
> problem, and the DES is the default...
It's not the perl crypt() function, as that just mirrors the behaviour
of the underlying libc crypt(3) function. Try these commands and
you'll see how things work:
Traditional DES:
% perl -le 'print crypt("password", "xx")'
Extended DES:
% perl -le 'print crypt("password", "_xx")'
Modular ($1$ => MD5)
% perl -le 'print crypt("password", "\$1\$xx")'
ie. The format of the salt supplied to crypt controls the algorithm used.
You're right however that the adduser(8) command will always generate
a DES encrypted password hash. Unfortunately it's programmed so that
it can't do anything else -- plus it uses srand() on a combination of
the PID, the date and some other data to seed the RNG, which used to
be a reasonable idea, but now that we have /dev/random is much less
so.
Use 'pw useradd' command instead. See pw(8) -- this is a much more
capable program for manipulating user and group accounts, and it
doesn't suffer from the drawbacks you've noted.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20031112/5a342b1b/attachment.bin
More information about the freebsd-questions
mailing list