> I used to use crypt() in some password-checking code of mine (authentication
> and password changing on CGI scripts, for instance). Now I'd like to use MD5
> instead, but I can't find an API to do this. Apropos found nothing. Which
> functions, in which libraries, do the new authentication system use?
crypt(), same as before. The man page documents only the DES-based code,
but the libc info file contains the following snippet:
The SALT parameter does two things. Firstly, it selects which
algorithm is used, the MD5-based one or the DES-based one.
Secondly, it makes life harder for someone trying to guess
passwords against a file containing many passwords; without a
SALT, an intruder can make a guess, run `crypt' on it once, and
compare the result with all the passwords. With a SALT, the
intruder must run `crypt' once for each different salt.
I suggest seeing the info file for more information; a side-effect is that
both DES-based and MD5-based password checks can be mixed in the same file
(at least, as far as I can see).
HTH,
--
Kevin L. Mitchell <[EMAIL PROTECTED]>
------------------------- -. .---- --.. ..- -..- --------------------------
http://web.mit.edu/klmitch/www/ (PGP keys availiable from here)
RSA AE87D37D/1024: DE EA 1E 99 3F 2B F9 23 A0 D8 05 E0 6F BA B9 D2
DSS ED0DB34E/1024: D9BF 0E74 FDCB 43F5 C597 878F 9455 EC24 ED0D B34E
DH 2A2C31D4/2048: 1A77 4BA5 9E32 14AE 87DA 9FEC 7106 FC62 2A2C 31D4
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
