Using vnconfig to do encrypted filesystems
Hey. OpenBSD suports an option (-k) to vnconfig(8) that causes it to prompt for a key which is used to encrypt whatever passes through the device. Are there plans to port this functionality in to FreeBSD? Thanks. -- --Spike Gronim [EMAIL PROTECTED] Oh yes? An obscene triangle which, has more courage than the word. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: Should URL's be pervasive.
On Fri, Aug 31, 2001 at 12:11:30AM +0400, [EMAIL PROTECTED] wrote: Laurence Berland writes: Optimally, you could write a urlsh or something, and leave everyone else alone. The shell could do substitutions on URLs just like they do on wildcards etc, and the applications would not need to be rewritten, plus you wouldn't add bloat to those of us who don't want this in the system... It is possible if interfaces of utilities is fully standartized. For example -p flag in any command means port number. Actually, that's not true. The scp manpage says: -p Preserves modification times, access times, and modes from the original file. Also, tar has the same flag with the same meaning. Such as mutt -l user -h host.domain as legal alternative of mutt [EMAIL PROTECTED] [snip] -- @BABOLO http://links.ru/ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message -- --Spike Gronim [EMAIL PROTECTED] Oh yes? An obscene triangle which, has more courage than the word. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: The design of the MD5 crypt() in FreeBSD
On Sat, Jun 02, 2001 at 07:46:28AM +0200, Poul-Henning Kamp wrote: In message [EMAIL PROTECTED], Spike Gronim writes: I understand the literal meaning of /usr/src/lib/libcrypt/crypt-md5.c, and the algorithm it uses to create it's output. However, I do not understand the design criteria or functional purpose of several elements of the process. At the time the MD5 hash was written we could not use anything DES based due to ITAR. The design criteria was to get a strong, preferably stronger than DES, password encryption, which would make brute force attacks very much harder. [snip] The overall MD5 chewing code were done to try to make the algorithm unsuitable for hardware implementation (MD5 is already pretty bad for that) the various unlinear steps would make it practically impossible to do a hardware implementation of anything but the basic MD5: you would still need to iterate through it. Ah, I hadn't considered that. That pretty much answers my question. I don't know enough about cryptographic math to argue that this algorithm is perfect or even good. I know it to be better than the DES things, and infinitely better than the scrambler we had to fill the hole for DES at the time. In light of this theoretical backing, I introduced the $1$ marker, which allows the algorithm to be replaced in a backwards compatible way (as already done by OpenBSD). -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 [EMAIL PROTECTED] | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. -- --Spike Gronim [EMAIL PROTECTED] Oh yes? An obscene triangle which, has more courage than the word. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
The design of the MD5 crypt() in FreeBSD
Hey. I was asked a question about the use of salts in password files recently, and it prompted me to look up exactly how FreeBSD uses the salt. The 'DES Extended Format' salt is described in the man page and makes sense to me. However, the MD5 hash's use of the salt is not spelled out in the man page. I understand the literal meaning of /usr/src/lib/libcrypt/crypt-md5.c, and the algorithm it uses to create it's output. However, I do not understand the design criteria or functional purpose of several elements of the process. Before iterating 1000 times, the password, salt, and magic string are all hashed. Then, the hash of these three things is hashed in to the first hash of those three things. What is the purpose of incorporating the hash back in to itself? Then, something really wierd (line 124, /usr/src/lib/libcrypt/crpt-md5.c). The length of the password is right shifted by 1 untill it is 0, and at every iteration of this one character of either the previous hash (final) or the first character of the password is hashed in to the evolving hash of the password. But, just before this (on line 122) the output of the previous hash was zeroed so as not to leave traces in memory. Is the use of a single '0', or alternatively only the first character of the password intentional? Was this derived as a suitably complex transformation designed to occupy CPU cycles in a brute force attack, or does it accomplish some specific cryptographic purpose? During the 1000 iterations of MD5 performed during this crypt() operation, the per-iteration hash is update selectively based on the iteration number. Two of these updates seem to be exactly the same (the updates on lines 145-148 and on lines 156-159). Is this redundancy intentional? How were the other updates to the per-iteration hash chosen? Also, is the method of transcribing the final MD5 output in to a base 64 password hash chosen to whiten the hash? (that is, obscure the last round from the attacker). Thanks. -- --Spike Gronim [EMAIL PROTECTED] Oh yes? An obscene triangle which, has more courage than the word. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: Should I switch? [was Re: A novel idea....]
s developed more for reliability and performance as a server and not a deskto. However, Mac OS X is based on a BSD core (some FreeBSD, some NetBSD, some Apple). This is an example of BSD's stability and performance being taken by a third party and packaged as the underlying support for a state of the art GUI. In this respect, I'd say that more desktops run BSD right now than run Linux. Thanks alot to anyone who can answer any of these questions!!! --Jason -- --Spike Gronim [EMAIL PROTECTED] "Oh yes? An obscene triangle which, has more courage than the word." To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message