Andrew Howell <[EMAIL PROTECTED]> writes:

> Though it would be nice if the whole community switched I don't think
> it's that great a deal whether they do or not, us using MD5 and others
> using DES shouldn't lead to any incompatibilities or problems as far
> as I can see.

I asked Garrett A. Wollman (FreeBSD) about their experience using MD5
outside of the US, why they didn't switch to MD5 wholesale, etc.

Garrett noted:

> Because it's incompatible with every other UNIX system out there.
> Lots of people need access to YP password databases, etc., and
> therefore have to have the DES hash.
>
> Some people find the existence of two different password mechanisms
> confusing.  Some people find the fact that the `crypt' function and
> library doesn't actually do encryption really confusing.
>
> Some programs use small fixed-length buffers to hold hashed
> passwords, causing them to crash when used with the longer output
> from the MD5 scheme.

Before Debian actually switches to MD5, issues such as these must be
resolved.  Any use of fixed-length buffers to hold hashed passwords
should probably be considered a bug, regardless.

A mixed solution may be possible, supplying DES (from both a US and a
non-US site) to those who require YP support.  I'm still not in favor
of Debian doing this alone in the Linux community, though.

 Dan

-- 
Daniel Quinlan          Member of the League for Programming Freedom
[EMAIL PROTECTED]
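
Added example, not part of the original message and not code from Debian or FreeBSD: the fixed-length-buffer problem mentioned in the thread, shown as a bounded copy in C that refuses a hash that does not fit. The function names and sample strings are constructed for illustration; the lengths assume the traditional 13-character DES crypt format and the `$1$` MD5 crypt format of at most 34 characters.

```c
#include <stdio.h>
#include <string.h>

#define DES_HASH_LEN 13  /* 2 salt chars + 11 hash chars */
#define MD5_HASH_MAX 34  /* "$1$" + up to 8 salt chars + "$" + 22 hash chars */

/* Constructed strings with the right shape; not hashes of any real password. */
static const char SAMPLE_DES[] = "abJnggxhB/yJQ";
static const char SAMPLE_MD5[] = "$1$abcdefgh$ABCDEFGHIJKLMNOPQRSTUV";

enum scheme { SCHEME_DES, SCHEME_MD5, SCHEME_UNKNOWN };

/* Classify a password-field value by its prefix and length. */
enum scheme classify_hash(const char *h)
{
    size_t n = strlen(h);
    if (strncmp(h, "$1$", 3) == 0 && n <= MD5_HASH_MAX)
        return SCHEME_MD5;
    if (h[0] != '$' && n == DES_HASH_LEN)
        return SCHEME_DES;
    return SCHEME_UNKNOWN;
}

/* Bounded copy: 0 on success, -1 if dst cannot hold the hash plus its NUL.
 * It never truncates, because a truncated hash would silently never match. */
int store_hash(char *dst, size_t dstlen, const char *hash)
{
    size_t n = strlen(hash);
    if (dstlen == 0 || n >= dstlen)
        return -1;
    memcpy(dst, hash, n + 1);
    return 0;
}

int main(void)
{
    char des_sized[DES_HASH_LEN + 1];  /* buffer sized on the DES-only assumption */
    char md5_sized[MD5_HASH_MAX + 1];  /* buffer sized for either scheme */

    /* The legacy pattern, strcpy(des_sized, SAMPLE_MD5), would write 35 bytes
     * into a 14-byte buffer. The bounded copy reports the mismatch instead. */
    printf("DES hash into DES-sized buffer: %d\n",
           store_hash(des_sized, sizeof des_sized, SAMPLE_DES));
    printf("MD5 hash into DES-sized buffer: %d\n",
           store_hash(des_sized, sizeof des_sized, SAMPLE_MD5));
    printf("MD5 hash into MD5-sized buffer: %d\n",
           store_hash(md5_sized, sizeof md5_sized, SAMPLE_MD5));
    return 0;
}
```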
