Re: [exim-dev] crypt, crypt16, and bigcrypt - worth changing…

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Kjetil Torgrim Homme
Fecha:  
A: exim-dev
Asunto: Re: [exim-dev] crypt, crypt16, and bigcrypt - worth changing?
On Tue, 2006-09-12 at 14:37 +0100, Philip Hazel wrote:
> However, the first question is: should any change be made? I don't
> recall anybody reporting problems, and I suspect that the world is
> moving on to other encryption methods such as {sha1} these days.


I think it's more common to stick to {crypt}, but crypt(3c) is more
clever these days and is extensible in itself. from /etc/shadow on a
typical Linux system:

$1$Bn7P0ASN$baWgRvs/4RPe1q8Ba12Ky0

as you can see, it's longer than the traditional crypt strings, and it's
separated into fields with dollar signs. $1 means use the algorithm
"salted MD5", the salt comes next, and finally the crypted password.
*BSD and Solaris supports this scheme, too. (I think it actually
originated on FreeBSD, but don't shoot me if that's the wrong
attribution.)

I don't think you should worry too much about bigcrypt and other weird
extensions. just make sure you pass along the _whole_ password to
crypt(3c), not just the first 8 characters. crypt(3c) will chop off
excess characters itself if need be.

--
Kjetil T.