db0e19820c
This effectively changes the non-DES password algoritm. If you have the "securedist" installed you will have no problems with this. (Though you might want to consider using this password-encryption instead of the DES-based if your system is likely to be hacked) If you are running a -current system without the "securedist" installed: YOU WILL NEED TO CHANGE ALL PASSWORDS !! There is no backwards mode. Suggested procedure is: Update your sources cd /usr/src/lib/libcrypt make clean make all make install passwd root <set roots new password> change password for any other users on the system. This algorithm is expected to be much better than the traditional DES- based algorithm. It uses the MD5 algorithm at what it is best at, as opposed to the DES algorithm at something it isn't good at at all. The algorithm is designed such that it should very hard to shortcut the calculations needed to build a dictionary, and to make partial knowledge (Hmm, his password starts with a 'P'...) useless. Of course if somebody breaks the MD5 algorithm this looses too. The salt is 48 bits (8 char @ base64). The encrypted password is 128 bits. And I am positively delighted to say that it takes 34 msec to crypt() a password on a Pentium/60Mhz, so building a dictionary is not really an option for hackers at the moment. |
||
---|---|---|
.. | ||
csu/i386 | ||
libc | ||
libcompat | ||
libcrypt | ||
libcurses | ||
libedit | ||
libf2c | ||
libF77 | ||
libI77 | ||
libkvm | ||
libm | ||
libmd | ||
libmytinfo | ||
libncurses | ||
libpam/modules | ||
libresolv | ||
librpc | ||
librpcsvc | ||
libskey | ||
libtelnet | ||
libterm | ||
libtermcap | ||
libutil | ||
liby | ||
msun | ||
ncurses/ncurses | ||
rpcsvc | ||
Makefile | ||
Makefile.inc |