src-test2/lib/libcrypt/crypt.c, branch release/5.3.0_cvs

This commit was manufactured by cvs2svn to create tag

2004-11-04T19:12:42Z

'RELENG_5_3_0_RELEASE'. This commit was manufactured to restore the state of the 5.3-RELEASE image.

Add a new hash type. This "NT-hash" is compatible with the password

2003-06-02T19:29:27Z

hashing scheme used in Microsoft's NT machines. IT IS NOT SECURE! DON'T USE IT! This is for the use of competent sysadmins only! Submitted by: Michael Bretterklieber

No functional change, but big code cleanup. WARNS, lint(1) and style(9).

2002-03-06T17:18:09Z

Implement __FBSDID()

2001-09-16T21:35:07Z

Removed duplicate VCS ID tags, as per style(9).

2001-08-13T14:06:34Z

Add OpenBSD-style blowfish password hashing. This makes one less

2001-03-11T16:05:43Z

gratuitous difference between us and our sister project. This was given to me _ages_ ago. May apologies to Paul for the length of time its taken me to commit. Obtained from: Niels Provos /OpenBSD Submitted by: Paul Herman

Hindsight is wonderful, but I got cold feet over the crypt(3) default

2000-12-28T11:23:01Z

so I am backing it out for now. The problem is that some random program calling crypt() could be passing a DES salt and the crypt(3) library would encrypt it in md5 mode and there would be a password mismatch as a result. I wrote a validater function for the DES code to verify that a salt is valid for DES, but I realized there were too many strange things to go wrong. passwd(1), pw(8) etc still generate md5 passwords by default for /etc/master.passwd, so this is almost academic. It is a big deal for things that have their own crypt(3)-ed password strings (.htaccess, etc etc). Those are the things I do not want to break. My DES salt recognizer basically checked if the salt was either 2 or 13 characters long, or began with '_' (_PASSWORD_EFMT1). I think it would have worked but I have seen way too much crypt() mishandling in the past.

Merge into a single US-exportable libcrypt, which only provides

2000-12-28T10:32:02Z

one-way hash functions for authentication purposes. There is no more "set the libcrypt->libXXXcrypt" nightmare. - Undo the libmd.so hack, use -D to hide the md5c.c internals. - Remove the symlink hacks in release/Makefile - the algorthm is set by set_crypt_format() as before. If this is not called, it tries to heuristically figure out the hash format, and if all else fails, it uses the optional auth.conf entry to chose the overall default hash. - Since source has non-hidden crypto in it there may be some issues with having the source it in some countries, so preserve the "secure/*" division. You can still build a des-free libcrypt library if you want to badly enough. This should not be a problem in the US or exporting from the US as freebsd.org had notified BXA some time ago. That makes this stuff re-exportable by anyone. - For consistancy, the default in absence of any other clues is md5. This is to try and minimize POLA across buildworld where folk may suddenly be activating des-crypt()-hash support. Since the des hash may not always be present, it seemed sensible to make the stronger md5 algorithm the default. All things being equal, no functionality is lost. Reviewed-by: jkh (flame-proof suit on)

Still have to support libscrypt for now :( Add #defines to take DES

2000-08-24T17:51:16Z

out for it.

Add working and easy crypt(3)-switching. Yes, we need a whole new API

2000-08-22T02:15:54Z

for crypt(3) by now. In any case: Add crypt_set_format(3) + documentation to -lcrypt. Add login_setcryptfmt(3) + documentation to -lutil. Support for switching crypt formats in passwd(8). Support for switching crypt formats in pw(8). The simple synopsis is: edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :) Reviewed by: peter