httpd-dev mailing list archives

From Brian Behlendorf <br...@organic.com>
Subject Re: export restrictions & mirroring Apache at NCSA
Date Sun, 21 May 1995 20:02:37 GMT
On Sun, 21 May 1995, Robert S. Thau wrote:
> Hmmm... this "crypt" thing is, despite the name, really just used as
> a one-way function to encrypt the stored forms of passwords, hashed with
> a fourteen-bit salt (well within the 40-bit apparent export limit).
> Still, DES is involved in at least the standard version (although I
> remember hearing something about wimpy-crypt based versions in the
> export editions of some commercial Unices, with the same interface).

The good news is that (at least as far as I can tell) it doesn't matter 
what function crypt uses to hash, as long as the same function is used in 
the password creation function.  I.e., if crypt() on 
Exportable-But-Really-Insecure-Unix-2.0 even returned as the hash the 
very key it was given, it'd still work fine.

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  brian@hyperreal.com  http://www.[hyperreal,organic].com/
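
The point made in the message above, as an added example that is not part of the original email: a password-file create/check pair works with any hash function as long as both sides use the same one, while a weak function leaves the stored entries exposed and entries do not carry over between functions. `strong_crypt`, `identity_crypt`, `make_entry` and `check_entry` are hypothetical stand-ins written for this illustration, not the system crypt() or Apache's code.

```python
import hashlib
import hmac
import os

PASSWORD = "s3cret-Example"  # constructed sample value

def strong_crypt(password: str, salt: str) -> str:
    """Stand-in for a real one-way function: salted, iterated hash."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)
    return salt + "$" + digest.hex()

def identity_crypt(password: str, salt: str) -> str:
    """The degenerate case from the message: the 'hash' is the key itself."""
    return salt + "$" + password

def make_entry(user: str, password: str, crypt_fn) -> str:
    """Password creation side: pick a salt, store user:salt$hash."""
    salt = os.urandom(4).hex()
    return f"{user}:{crypt_fn(password, salt)}"

def check_entry(entry: str, user: str, password: str, crypt_fn) -> bool:
    """Verification side: re-hash the candidate with the stored salt and compare."""
    name, stored = entry.split(":", 1)
    if name != user:
        return False
    salt = stored.split("$", 1)[0]
    candidate = crypt_fn(password, salt)
    return hmac.compare_digest(candidate.encode(), stored.encode())

def demo():
    results = {}
    for label, fn in (("strong", strong_crypt), ("identity", identity_crypt)):
        entry = make_entry("alice", PASSWORD, fn)
        results[label] = {
            "accepts_right": check_entry(entry, "alice", PASSWORD, fn),
            "rejects_wrong": not check_entry(entry, "alice", "guess", fn),
            # Does reading the stored file reveal the password?
            "leaks_password": PASSWORD in entry,
        }
    # An entry created with one function does not verify under another,
    # so password files are tied to the function that created them.
    strong_entry = make_entry("alice", PASSWORD, strong_crypt)
    mixed_ok = check_entry(strong_entry, "alice", PASSWORD, identity_crypt)
    return results, mixed_ok

if __name__ == "__main__":
    print(demo())
```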

