From root@brettschroeder.name  Sun Jun  6 02:52:16 2004
Return-Path: <root@brettschroeder.name>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5667616A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  6 Jun 2004 02:52:16 -0700 (PDT)
Received: from Anapurna.brettschroeder.name (c-24-20-126-220.client.comcast.net [24.20.126.220])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CE5F143D39
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  6 Jun 2004 02:52:15 -0700 (PDT)
	(envelope-from root@brettschroeder.name)
Received: by Anapurna.brettschroeder.name (Postfix, from userid 0)
	id 8E9BAD33; Sun,  6 Jun 2004 02:52:52 -0700 (PDT)
Message-Id: <20040606095252.8E9BAD33@Anapurna.brettschroeder.name>
Date: Sun,  6 Jun 2004 02:52:52 -0700 (PDT)
From: Brett Schroeder <brett@brettschroeder.name>
Reply-To: Brett Schroeder <brett@brettschroeder.name>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Handbook incorrect about details of Blowfish encryption
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         67624
>Category:       docs
>Synopsis:       Handbook incorrect about details of Blowfish encryption
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jun 06 03:00:39 PDT 2004
>Closed-Date:    Wed Jun 09 16:14:02 CEST 2004
>Last-Modified:  Wed Jun 09 16:14:02 CEST 2004
>Originator:     Brett Schroeder
>Release:        FreeBSD 4.10-STABLE i386
>Organization:
>Environment:
System: FreeBSD Anapurna.brettschroeder.name 4.10-STABLE FreeBSD 4.10-STABLE #0: Thu May 27 20:57:11 PDT 2004 brett@Anapurna.brettschroeder.name:/usr/obj/usr/src/sys/ANAPURNA i386

>Description:
Section 10.4.1 of the Handbook (Recognizing your crypt mechanism) 
states that Blowfish encrypted passwords begin with $2$. This is incorrect, 
they begin with $2a$.

Here's an example from my /etc/master.passwd (most of the encrypted password has been X'd
out ;-)

brett:$2a$04$8K21POXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:1001:0::0:0:Brett Schroeder:/home/brett:/bin/csh
vicki:$2a$04$hoMVJMXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:1000:1000::0:0:Vicki Schroeder:/home/vicki:/bin/csh

>How-To-Repeat:
1) Edit /etc/auth.conf to have
	crypt_default   =       blf	# default = md5 des
(not sure if this step is really necessary)

2) Edit /etc/login.conf to have
	:passwd_format=blf:\		# default = md5

3) Run cap_mkdb /etc/login.conf

4) Add a dummy user, take a look at /etc/master.passwd

>Fix:

--- chapter_original.sgml	Sun Jun  6 02:13:05 2004
+++ chapter.sgml	Sun Jun  6 02:13:29 2004
@@ -1031,7 +1031,7 @@
 	Passwords encrypted with the MD5 hash are longer than those
 	encrypted with the DES hash and also begin with the characters
 	<literal>&dollar;1&dollar;</literal>.  Passwords starting with
-	<literal>&dollar;2&dollar;</literal> are encrypted with the
+	<literal>&dollar;2a&dollar;</literal> are encrypted with the
 	Blowfish hash function.  DES password strings do not
 	have any particular identifying characteristics, but they are
 	shorter than MD5 passwords, and are coded in a 64-character


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: brueffer 
State-Changed-When: Wed Jun 9 16:13:42 CEST 2004 
State-Changed-Why:  
Committed, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=67624 
>Unformatted:
