Fabien COELHO wrote:
>
> Dear Bruce,
>
> > Yes, the problem is that we used the username for the salt, just like
> > FreeBSD does for its MD5 passwords.
>
> Not that I know of on FreeBSD?
>
> shell> uname -a
> FreeBSD palo-alto2.ensmp.fr 4.9-STABLE FreeBSD 4.9-STABLE #5: Mon Mar 1 21:31:30 CET 2004 root@palo-alto2.ensmp.fr:/usr/src/sys/compile/IAR2Mi386
>
> shell> grep coelho /var/yp/master.passwd
> coelho:$1$00EacB0I$4kQ/HmqFFQANZP/mxj8ZX0:210:20::0:0:COELHO, Fabien:/users/cri/coelho:/usr/local/bin/bash
>           ^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^
>           salt     some base 64 encoding of 1002 paranoid md5 computations.
>
> Even if the salt is based on the login, the point is that it is stored
> separately, so the system does not rely on the login string to check the
> password.

Oh, I thought FreeBSD used the username. Not sure where we got that
idea. I know we needed a different salt only so users with the same
password would not have the same MD5 value.
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
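
The difference discussed in this exchange, as an added example that is not part of the original messages: a hash salted with the user name (the PostgreSQL `md5` format, "md5" followed by md5(password || username)) stops verifying when the login changes, while an entry that stores its own salt, like the `$1$` line quoted above, does not depend on the login. The `$demo$` scheme, the account names and the password are constructed for illustration; `$demo$` is a single-round stand-in, not the real md5-crypt algorithm.

```python
import hashlib
import hmac
import os

# Line quoted in the thread (FreeBSD master.passwd, md5-crypt entry).
SAMPLE = ("coelho:$1$00EacB0I$4kQ/HmqFFQANZP/mxj8ZX0:210:20::0:0:"
          "COELHO, Fabien:/users/cri/coelho:/usr/local/bin/bash")

def parse_crypt_field(passwd_line):
    """Return (scheme_id, salt, digest) from the password field of a passwd line."""
    field = passwd_line.split(":")[1]
    _, scheme, salt, digest = field.split("$")
    return scheme, salt, digest

def pg_md5(password, username):
    """PostgreSQL md5 format: the user name is the salt and is not stored with the hash."""
    return "md5" + hashlib.md5((password + username).encode()).hexdigest()

def pg_verify(password, login, stored):
    return hmac.compare_digest(pg_md5(password, login), stored)

def demo_hash(password, salt=None):
    """Constructed stand-in for a crypt-style entry: random salt kept inside the string.
    One MD5 round only; real md5-crypt ($1$) iterates and uses its own base64."""
    salt = salt or os.urandom(6).hex()
    digest = hashlib.md5((salt + password).encode()).hexdigest()
    return "$demo$%s$%s" % (salt, digest)

def demo_verify(password, stored):
    _, _, salt, _ = stored.split("$")   # salt comes from the stored entry, not the login
    return hmac.compare_digest(demo_hash(password, salt), stored)

if __name__ == "__main__":
    print(parse_crypt_field(SAMPLE))
    by_name = pg_md5("s3cret", "alice")          # constructed account and password
    print("same login:", pg_verify("s3cret", "alice", by_name))
    print("after rename:", pg_verify("s3cret", "alice_new", by_name))
    entry = demo_hash("s3cret")
    print("stored salt, any login:", demo_verify("s3cret", entry))
```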