> On 2015-10-17, Ted Unangst <[email protected]> wrote: > > Adam Wysocki wrote: > >> As OpenBSD crypt() function differs from the one in Linux libc and returns > >> NULL for setting "Mb", before I start porting it from libc, maybe you have > >> an easier solution? Maybe there is a library I can use (different than > >> whole bloated Linux libc)? > > > > run john the ripper to crack all their passwords, then create bcrypt hashes > > for them? i'm only half kidding. des crypt should have been retired ages > > ago. > > They can't be more than 8 chars so even if you have to brute-force them > it shouldn't take that long. Only problem is that you can't be sure you > got the original password, it might be something else that produces the > same crypted value. Still, it's fairly likely that they will be obvious > (at least they have been when I've used this method).
those old hashes are so wimpy and unsafe, you could go do this job on just about any cloud infrastructure. it is not like you are adding much additional risk. such unsafe hashes can only be used in strongly isolated networks. in which case, you could post them to the mailing list, lots of people here have extra compute cycles. ok, now the joke has gone too far. or is the real joke DES in 2015?
