On Tue, 2006-09-12 at 14:37 +0100, Philip Hazel wrote: > However, the first question is: should any change be made? I don't > recall anybody reporting problems, and I suspect that the world is > moving on to other encryption methods such as {sha1} these days.
I think it's more common to stick to {crypt}, but crypt(3c) is more clever these days and is extensible in itself. from /etc/shadow on a typical Linux system: $1$Bn7P0ASN$baWgRvs/4RPe1q8Ba12Ky0 as you can see, it's longer than the traditional crypt strings, and it's separated into fields with dollar signs. $1 means use the algorithm "salted MD5", the salt comes next, and finally the crypted password. *BSD and Solaris supports this scheme, too. (I think it actually originated on FreeBSD, but don't shoot me if that's the wrong attribution.) I don't think you should worry too much about bigcrypt and other weird extensions. just make sure you pass along the _whole_ password to crypt(3c), not just the first 8 characters. crypt(3c) will chop off excess characters itself if need be. -- Kjetil T. -- ## List details at http://www.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##