On Sat, 16 Apr 2005, Anthony Atkielski wrote:
Where's the actual code that accepts the input of a password and/or encrypts it? I looked in login.c, but that only seems to call PAM or something; from that point on, I wasn't sure where to look.
Start with crypt(3).
I'm especially interested in knowing how a very long password (up to the FreeBSD limit of, I think, 128 characters) is hashed and mashed into an encrypted password, but I'm also generally interested in the whole process. I'd like to think that a 128-byte password consisting of random words and special characters would be just as secure as a shorter, completely random password, but that's only true if FreeBSD is hashing the entire 128-byte string in some cryptographically secure way in order to produce an encrypt password that is a function of every bit of the plaintext password.
Look in /usr/src/lib/libcrypt/. The MD5 password hashing scheme is found in crypt-md5.c (the whole password is being used, btw).
$.02, /Mikko _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
