[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Modifications to the pam_unix module



On Mon, 7 Jun 1999, Savochkin Andrey Vladimirovich wrote:

> As far as can I see your implementation of MD5 hashed passwords isn't correct
> on big endian systems.

> The well known MD5 code you've taken requires a predefined symbol (HIGHFIRST)
> for big endian target.  If you don't provide the symbol the code will return
> a wrong result.  So you will lose the ability to move passwd files between
> systems.

Actually, in this case the MD5 code I've included is only being used for
generation of salts (pam_unix previously used repeated calls to rand(),
which is more predictable than I'd like it to be, and also wasn't being used
terribly efficiently), so in this case endianness doesn't matter.  Of
course, now that the MD5 code is there it would be trivial to add support
for MD5 passwords on systems where it's not supported by crypt(), which is
one of the reasons I don't feel too bad about adding an entire C file just
for salt generation. :)

-Steve Langasek
postmodern programmer



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []