Subject: Re: questions about netbsd
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Steven M. Bellovin <smb@research.att.com>
List: port-i386
Date: 02/09/2003 14:54:31
In message <200302091948.OAA04647@Sparkle.Rodents.Montreal.QC.CA>, der Mouse wr
ites:
>>> such as the blowfish password algorithm?
>> The passwd algortithms are not part of the kernel,
>
>Right.
>
>> NetBSD [...] supports MD5 (in addidition to the historical 3DES).
>
>The historical algorithm is DES-based, not 3DES-based. It does use
>multiple iterations of DES, in a manner very vaguely reminiscent of
>3DES, but it's not really fair to call it 3DES-based. (It's also a
>slightly mutated DES.)
Yes. The justification is described in a Morris and Thompson paper
that's supposed to be in /usr/share/doc/smm/17.password -- it would be
very nice if it were there (hint, hint).
http://citeseer.nj.nec.com/morris79password.html has it, for those who
can't wait...
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)