I know, I'm ashamed to say that yes, this machine has been running (behind a restrictive firewall) for all of these years.
I was hoping that there was some hidden switch somewhere that would turn the classic crypt back on. No such luck. But thank you for the quick response. I've been using OpenBSD for a lot of years and really appreciate your efforts Theo, and the efforts of everyone associated with the project. ________________________________ From: Theo de Raadt <dera...@openbsd.org> Sent: Thursday, January 11, 2018 12:29:59 PM To: Jeff Zimmerman Cc: misc@openbsd.org Subject: Re: Options for dealing with DES crypt password file > I've got an old server (OpenBSD 4.7 old) with a mixed bag of password hashes > in master.passwd. A majority of the passwords (hundreds) are old salted > DES crypt format. bummer > Am I correct in my research that everything but Blowfish was removed from > crypt() around OpenBSD 5.7? Are there any workarounds for me using the old > DES password hashes, or do we need to 'passwd <user>' for hundreds of users? There are no workarounds. The hashes cannot be reversed to make new passwords, and the legacy methods are removed intentionally because they are super weak You been running that on the internet? the shame!
