On Fri, 9 Jul 1999, Louis Bertrand wrote:
> It would be nice if the password scheme you finally settle on can be
> optionally replaced (compile-time) by the password hash available native
> on the OS. In the case of OpenBSD, the Blowfish-based replacement for the
> DES or MD5 based crypt(3) is better suited to resisting dictionary and
> other offline attacks by fast processors.
>
> This suggestion is useful in case the shadow password file is compromised.
> It is independent of any challenge-response protocol you apply upstream.
Perhaps one could also allow the use of PAM where available. That would
make things infinitely easier for administrators.
--
Peter Eisentraut
PathWay Computing, Inc.