10.4 DES, MD5, and Crypt

Parts rewritten and updated by Bill Swingle.

Every user on a Unix system has a password associated with their account. It seems obvious that these passwords need to be known only to the user and the actual operating system. In order to keep these passwords secret, they are encrypted with what is known as a ``one-way hash'', that is, they can only be easily encrypted but not decrypted. In other words, what we told you a moment ago was obvious is not even true: the operating system itself does not really know the password. It only knows the encrypted form of the password. The only way to get the ``plain-text'' password is by a brute force search of the space of possible passwords.

Unfortunately the only secure way to encrypt passwords when Unix came into being was based on DES, the Data Encryption Standard. This was not such a problem for users resident in the US, but since the source code for DES could not be exported outside the US, FreeBSD had to find a way to both comply with US law and retain compatibility with all the other Unix variants that still used DES.

The solution was to divide up the encryption libraries so that US users could install the DES libraries and use DES but international users still had an encryption method that could be exported abroad. This is how FreeBSD came to use MD5 as its default encryption method. MD5 is believed to be more secure than DES, so installing DES is offered primarily for compatibility reasons.

10.4.1 Recognizing Your Crypt Mechanism

It is pretty easy to identify which encryption method FreeBSD is set up to use. Examining the encrypted passwords in the /etc/master.passwd file is one way. Passwords encrypted with the MD5 hash are longer than those encrypted with the DES hash and also begin with the characters $1$. DES password strings do not have any particular identifying characteristics, but they are shorter than MD5 passwords, and are coded in a 64-character alphabet which does not include the $ character, so a relatively short string which does not begin with a dollar sign is very likely a DES password.

The libraries can identify the passwords this way as well. As a result, the DES libraries are able to identify MD5 passwords, and use MD5 to check passwords that were encrypted that way, and DES for the rest. They are able to do this because the DES libraries also contain MD5. Unfortunately, the reverse is not true, so the MD5 libraries cannot authenticate passwords that were encrypted with DES.

Identifying which library is being used by the programs on your system is easy as well. Any program that uses crypt is linked against libcrypt, which for each type of library is a symbolic link to the appropriate implementation. For example, on a system using the DES versions:

    % ls -l /usr/lib/libcrypt*
    lrwxr-xr-x  1 root  wheel  13 Mar 19 06:56 libcrypt.a -> libdescrypt.a
    lrwxr-xr-x  1 root  wheel  18 Mar 19 06:56 libcrypt.so.2.0 -> libdescrypt.so.2.0
    lrwxr-xr-x  1 root  wheel  15 Mar 19 06:56 libcrypt_p.a -> libdescrypt_p.a

On a system using the MD5-based libraries, the same links will be present, but the target will be libscrypt rather than libdescrypt.

If you have installed the DES-capable crypt library libdescrypt (e.g. by installing the "crypto" distribution), then which password format will be used for new passwords is controlled by the ``passwd_format'' login capability in /etc/login.conf, which takes values of either ``des'' or ``md5''. See the login.conf(5) manual page for more information about login capabilities.

This, and other documents, can be downloaded from ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/.

For questions about FreeBSD, read the documentation before contacting <questions@FreeBSD.org>.
For questions about this documentation, e-mail <doc@FreeBSD.org>.