Encryption of login passwords--where and how is it done?
Vince
jhary at unsane.co.uk
Sun Apr 17 07:13:39 PDT 2005
>
> > Where's the actual code that accepts the input of a password and/or
> > encrypts it? I looked in login.c, but that only seems to call PAM or
> > something; from that point on, I wasn't sure where to look.
>
> Start with crypt(3).
As an aside, you can change the encryption used by login by changing the
passwd_format option in login.conf for your login class.
From man login.conf:
     passwd_format  string  md5  The encryption format that new or
                                 changed passwords will use. Valid
                                 values include "des", "md5" and
                                 "blf". NIS clients using a
                                 non-FreeBSD NIS server should
                                 probably use "des".
>
> > I'm especially interested in knowing how a very long password (up to
> > the FreeBSD limit of, I think, 128 characters) is hashed and mashed
> > into an encrypted password, but I'm also generally interested in the
> > whole process. I'd like to think that a 128-byte password consisting
> > of random words and special characters would be just as secure as a
> > shorter, completely random password, but that's only true if FreeBSD
> > is hashing the entire 128-byte string in some cryptographically secure
> > way in order to produce an encrypted password that is a function of
> > every bit of the plaintext password.
>
> Look in /usr/src/lib/libcrypt/. The MD5 password hashing
> scheme is found in crypt-md5.c (the whole password is being
> used, btw).
>
> $.02,
> /Mikko
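The point made in the thread, that the MD5 scheme uses the whole password, can be checked with the sketch below. It is an added example, not part of the original message and not FreeBSD's code: a Python re-implementation of the MD5-based crypt ("$1$") algorithm, where the function names, the salt and the sample passphrase are constructed for illustration.

```python
import hashlib

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _to64(value, count):
    """Emit `count` characters, 6 bits each, least significant bits first."""
    out = []
    for _ in range(count):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return "".join(out)

def md5_crypt(password: bytes, salt: bytes) -> str:
    """MD5-based crypt ("$1$") over the full password; salt is capped at 8 bytes."""
    magic, salt = b"$1$", salt[:8]
    alt = hashlib.md5(password + salt + password).digest()
    ctx = hashlib.md5(password + magic + salt)
    # Mix in one byte of the alternate digest per password byte.
    for remaining in range(len(password), 0, -16):
        ctx.update(alt[:min(16, remaining)])
    # One update per bit of the password length.
    n = len(password)
    while n:
        ctx.update(b"\0" if n & 1 else password[:1])
        n >>= 1
    final = ctx.digest()
    # 1000 strengthening rounds; every round feeds in the whole password.
    for i in range(1000):
        r = hashlib.md5()
        r.update(password if i & 1 else final)
        if i % 3:
            r.update(salt)
        if i % 7:
            r.update(password)
        r.update(final if i & 1 else password)
        final = r.digest()
    # The scheme's own base-64 variant, applied to a fixed byte permutation.
    triples = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    body = "".join(_to64(final[a] << 16 | final[b] << 8 | final[c], 4)
                   for a, b, c in triples) + _to64(final[11], 2)
    return "$1$" + salt.decode("ascii") + "$" + body

def tail_is_hashed(length=128, salt=b"constrct"):
    """True if changing only the last byte of a `length`-byte password changes the hash."""
    base = b"correct horse battery staple! " * 5  # constructed sample passphrase
    return md5_crypt(base[:length - 1] + b"A", salt) != md5_crypt(base[:length - 1] + b"B", salt)

if __name__ == "__main__":
    print(md5_crypt(b"x" * 128, b"constrct"))
    print("last byte affects hash:", tail_is_hashed())
```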