[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Modifications to the pam_unix module

On Mon, Jun 07, 1999 at 07:50:21AM -0500, Stephen Langasek wrote:
> On Mon, 7 Jun 1999, Savochkin Andrey Vladimirovich wrote:
> > As far as can I see your implementation of MD5 hashed passwords isn't correct
> > on big endian systems.
> > The well known MD5 code you've taken requires a predefined symbol (HIGHFIRST)
> > for big endian target.  If you don't provide the symbol the code will return
> > a wrong result.  So you will lose the ability to move passwd files between
> > systems.
> Actually, in this case the MD5 code I've included is only being used for
> generation of salts (pam_unix previously used repeated calls to rand(),
> which is more predictable than I'd like it to be, and also wasn't being used
> terribly efficiently), so in this case endianness doesn't matter.  Of

I see.  Sorry, I overlooked the MD5 usage starting reading from Makefile.
I prefer to use /dev/random for salts but it's Linux-specific.

> course, now that the MD5 code is there it would be trivial to add support
> for MD5 passwords on systems where it's not supported by crypt(), which is
> one of the reasons I don't feel too bad about adding an entire C file just
> for salt generation. :)

Best regards
					Andrey V.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []