-----BEGIN PGP SIGNED MESSAGE----- Hello Matt,
Monday, October 01, 2001, 10:22:53 PM, you wrote: > I'm guessing that on FreeBSD, if I have the default set to MD5, > then vpopmail will only be able to verify MD5 passwords. Is that > correct? > If so, how do I extend it to support DES as well (like FreeBSD's > crypt routines)? Is it just a matter of updating FreeBSD's > libcrypt and then recompiling vpopmail? FreeBSD's libcrypt supports DES and MD5 at once (and in some installations it might even support blowfish, which I don't think is that wise idea cause IIRC Schneier himself stated several times that Blowfish shouldn't be used for PW hashing. OpenBSD does it nevertheless). You can either call crypt_set_format() to specify the one you like or rely on crypt()'s parsing of the supplied salt to decide which hash to use. In case of vpopmail, it appears to be DES cause vpopmail supplies a DES style hash: postmaster:ZbgbjJ3iQM2DE:1:0:postmaster:/home/vpopmail/domains/te1aaaa aa.com/postmaster:6000000 whereas master.passwd contains much longer hashs which I think are MD5. Best regards, Gabriel -----BEGIN PGP SIGNATURE----- Version: PGP 6.5i iQEVAwUBO7le9MZa2WpymlDxAQG7jwf/RYKAvnLP3GqZsLebAk317XFl+UY8tQwH /sLpHb2shMP9mKUEt+s2lEpJHMC4Zh9OR2+gA9qu54+1/GspgL8dEhUcPZaWfaTA 5HLxi7x/5MX97tdJ01UaKBjauju7ek8kvT4gvAkiWOwPPEAoyglvJ+t7F6lhuzqp IsVxwVCVJC4g28Y4EHBsg4Z3uB0X7h61pQZY+MAYVJdr0b9MGU5gJY2DyNvTrg1i 4mGbZKbU/tE0cO2wOLQUt9OD+r+hy54P7nVMEsWcjA+NM8elCocUYYAoM3YPxXRQ 7fYQLfmmye8S8fSzeEfBWhvPEEKKaN8+1PANjQzkKe2FuFdgun1x2A== =rLLO -----END PGP SIGNATURE-----
