mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-30 23:48:09 +01:00
1130b656e5
This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
81 lines
4.1 KiB
Plaintext
81 lines
4.1 KiB
Plaintext
<!-- $FreeBSD$ -->
|
|
<!-- The FreeBSD Documentation Project -->
|
|
|
|
<sect><heading>DES, MD5, and Crypt<label id="crypt"></heading>
|
|
|
|
<p><em>Contributed by &a.wollman;<newline>24 September 1995.</em>
|
|
|
|
<p><bf>History</bf>
|
|
|
|
<p>In order to protect the security of passwords on UN*X systems from
|
|
being easily exposed, passwords have traditionally been scrambled in
|
|
some way. Starting with Bell Labs' Seventh Edition Unix, passwords
|
|
were encrypted using what the security people call a ``one-way hash
|
|
function''. That is to say, the password is transformed in such a way
|
|
that the original password cannot be regained except by brute-force
|
|
searching the space of possible passwords. Unfortunately, the only
|
|
secure method that was available to the AT&T researchers at the
|
|
time was based on DES, the Data Encryption Standard. This causes only
|
|
minimal difficulty for commercial vendors, but is a serious problem
|
|
for an operating system like FreeBSD where all the source code is
|
|
freely available, because national governments in many places like to
|
|
place restrictions on cross-border transport of DES and other
|
|
encryption software.
|
|
|
|
<p>So, the FreeBSD team was faced with a dilemma: how could we provide
|
|
compatibility with all those UNIX systems out there while still not
|
|
running afoul of the law? We decided to take a dual-track approach:
|
|
we would make distributions which contained only a non-regulated
|
|
password scrambler, and then provide as a separate add-on library the
|
|
DES-based password hash. The password-scrambling function was moved
|
|
out of the C library to a separate library, called `<tt>libcrypt</tt>'
|
|
because the name of the C function to implement it is
|
|
`<tt>crypt</tt>'. In FreeBSD 1.x and some pre-release 2.0 snapshots,
|
|
the non-regulated scrambler uses an insecure function written by Nate
|
|
Williams; in subsequent releases this was replaced by a mechanism
|
|
using the RSA Data Security, Inc., MD5 one-way hash function. Because
|
|
neither of these functions involve encryption, they are believed to be
|
|
exportable from the US and importable into many other countries.
|
|
|
|
<p>Meanwhile, work was also underway on the DES-based password hash
|
|
function. First, a version of the `<tt>crypt</tt>' function which was
|
|
written outside the US was imported, thus synchronizing the US and
|
|
non-US code. Then, the library was modified and split into two; the
|
|
DES `<tt>libcrypt</tt>' contains only the code involved in performing
|
|
the one-way password hash, and a separate `<tt>libcipher</tt>' was
|
|
created with the entry points to actually perform encryption. The
|
|
code was partitioned in this way to make it easier to get an export
|
|
license for the compiled library.
|
|
|
|
<p><bf>Recognizing your `<tt>crypt</tt>' mechanism</bf>
|
|
|
|
<p>It is fairly easy to recognize whether a particular password
|
|
string was created using the DES- or MD5-based hash function.
|
|
MD5 password strings always begin with the characters
|
|
`<tt>$1$</tt>'. DES password strings do not have
|
|
any particular identifying characteristics, but they are shorter
|
|
than MD5 passwords, and are coded in a 64-character alphabet
|
|
which does not include the `<tt>$</tt>' character, so a
|
|
relatively short string which doesn't begin with a dollar sign is
|
|
very likely a DES password.
|
|
|
|
<p>Determining which library is being used on your system is fairly
|
|
easy for most programs, except for those like `<tt>init</tt>' which
|
|
are statically linked. (For those programs, the only way is to try
|
|
them on a known password and see if it works.) Programs which use
|
|
`<tt>crypt</tt>' are linked against `<tt>libcrypt</tt>', which for
|
|
each type of library is a symbolic link to the appropriate
|
|
implementation. For example, on a system using the DES versions:
|
|
|
|
<tscreen><verb>
|
|
$ cd /usr/lib
|
|
$ ls -l /usr/lib/libcrypt*
|
|
lrwxr-xr-x 1 bin bin 13 Sep 5 12:50 libcrypt.a -> libdescrypt.a
|
|
lrwxr-xr-x 1 bin bin 18 Sep 5 12:50 libcrypt.so.2.0 -> libdescrypt.so.2.0
|
|
lrwxr-xr-x 1 bin bin 15 Sep 5 12:50 libcrypt_p.a -> libdescrypt_p.a
|
|
</verb></tscreen>
|
|
|
|
On a system using the MD5-based libraries, the same links will be
|
|
present, but the target will be `<tt>libscrypt</tt>' rather than
|
|
`<tt>libdescrypt</tt>'.
|