Commit Graph

13 Commits

Author SHA1 Message Date
Mark Murray
3ab9676ab3 Never return NULL, always return a hash.
Submitted by:	dt
1999-09-22 06:53:08 +00:00
Mark Murray
e9a56ad5ca Big code cleanup. (Inspired by Brandon Gillespie). Also move as
much as possible away from secure/ to make extending easier.
1999-09-20 12:45:49 +00:00
Peter Wemm
a1a4f1a0d8 $Header$ -> $FreeBSD$ 1999-08-28 05:11:36 +00:00
Peter Wemm
7f3dea244c $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
Mark Murray
4fdd3d5417 The new crypt code broke "make world". Back it out. 1999-01-23 08:27:46 +00:00
Brandon Gillespie
da5c7089a3 Rewrite of crypt library to be more modular, and addition of the
Secure Hashing Algorithm - 1 (SHA-1), along with the further
refinement of what $x$salt$hash means.  With this new crypt the
following are all acceptable:

    $1$
    $MD5$
    $SHA1$

Note: $2$ is used by OpenBSD's Blowfish, which I considered adding
as $BF$, but there is no actual need for it with SHA-1.  However,
somebody wishing to add OpenBSD password support could easilly add
it in now.

There is also a malloc_crypt() available in the library now, which
behaves exactly the same as crypt(), but it uses a malloced buffer
instead of a static buffer.  However, this is not standard so will
likely not be used much (at all).

Also, for those interested I did a brief speed test Pentium 166/MMX,
which shows the DES crypt to do approximately 2640 crypts a CPU second,
MD5 to do about 62 crypts a CPU second and SHA1 to do about 18 crypts
a CPU second.

Reviewed by:	Mark Murray
1999-01-21 13:50:09 +00:00
Peter Wemm
7e546392b5 Revert $FreeBSD$ to $Id$ 1997-02-22 15:12:41 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Poul-Henning Kamp
139107f0ff A couple of minor nits.
Submitted by:	Craig Leres <leres@ee.lbl.gov>
Submitted by:	Theo Deraadt <deraadt@theos.com>
1996-10-14 08:34:02 +00:00
Jordan K. Hubbard
51295a4d3e General -Wall warning cleanup, part I.
Submitted-By: Kent Vander Velden <graphix@iastate.edu>
1996-07-12 18:57:58 +00:00
Rodney W. Grimes
6c06b4e2aa Remove trailing whitespace. 1995-05-30 05:51:47 +00:00
Poul-Henning Kamp
3b2b7f71de *** ATTENTION *** YOU MIGHT BE ABOUT TO BE HOSED *** ATTENTION ***
This effectively changes the non-DES password algoritm.

If you have the "securedist" installed you will have no problems with this.
(Though you might want to consider using this password-encryption instead
of the DES-based if your system is likely to be hacked)

If you are running a -current system without the "securedist" installed:
YOU WILL NEED TO CHANGE ALL PASSWORDS !!    There is no backwards mode.

Suggested procedure is:
	Update your sources
	cd /usr/src/lib/libcrypt
	make clean
	make all
	make install
	passwd root
		<set roots new password>
	change password for any other users on the system.

This algorithm is expected to be much better than the traditional DES-
based algorithm.  It uses the MD5 algorithm at what it is best at, as
opposed to the DES algorithm at something it isn't good at at all.  The
algorithm is designed such that it should very hard to shortcut the
calculations needed to build a dictionary, and to make partial knowledge
(Hmm, his password starts with a 'P'...) useless.  Of course if somebody
breaks the MD5 algorithm this looses too.

The salt is 48 bits (8 char @ base64).
The encrypted password is 128 bits.

And I am positively delighted to say that it takes 34 msec to crypt() a
password on a Pentium/60Mhz, so building a dictionary is not really an
option for hackers at the moment.
1994-11-07 21:07:09 +00:00
Geoff Rehmet
0e27b8d587 Nates password scrambler, from FreebSD 1.1.5, but with everything except
crypt() ripped out
Reviewed by:	Geoff Rehmet
Submitted by:	Nate Williams
1994-08-09 17:07:27 +00:00