Complete.Org: Mailing Lists: Archives: freeciv-dev: August 2001:
[Freeciv-Dev] Re: Passwd auth with MD5 hash 		Home

[Freeciv-Dev] Re: Passwd auth with MD5 hash

[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: Bernd Jendrissek <berndj@xxxxxxxxxxx>
Cc: freeciv-dev@xxxxxxxxxxx
Subject: [Freeciv-Dev] Re: Passwd auth with MD5 hash
From: Trent Piepho <xyzzy@xxxxxxxxxxxxx>
Date: Tue, 21 Aug 2001 04:07:17 -0700 (PDT) 
On Tue, 21 Aug 2001, Bernd Jendrissek wrote:
> In article 
> <Pine.LNX.4.04.10108210212560.20552-100000@xxxxxxxxxxxxxxxxxxxxxxx> Trent 
> Piepho <xyzzy@xxxxxxxxxxxxx> wrote:
> >On Tue, 21 Aug 2001, Raimar Falke wrote:
> >> I don't see the md5 method.
> >
> >It was in the call to crypt(), except my crypt manpage says it uses a
> >variation of DES not md5.  Is crypt() portable to non-UNIX systems though?
> 
> IIRC glibc (note: *g*libc) crypt(3) has a feature where, if the first two
> chars of salt are "$1" or somesuch, the algorithm used is MD5.
> 
> >The salt generation code looked like a mess to me.  My manpage says salt is
> >just a two characters.  There is no need to mess with it so much either, just
> 
> Except when it starts with '$1' and you're using the GNU C library.

Looks like I could use a new manpage package.  This seems pretty non-portable
though.  I wonder if hashing the password is really necessary at all.  After
all, the owner of the save game file can always change the password or hack
the server to not hash it, so it doesn't add any security.
[Prev in Thread] Current Thread [Next in Thread]