Bug 157049 - FreeBSD Handbook: Chapter 14 (Security) Inaccuracy
Status: Closed FIXED
Alias: None
Product: Documentation
Classification: Unclassified
Component: Books & Articles
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Tom Rhodes
Reported: 2011-05-15 04:10 UTC by Jeffrey Walton
Modified: 2019-02-09 17:33 UTC
Description Jeffrey Walton 2011-05-15 04:10:12 UTC
From the FreeBSD Handbook (http://www.freebsd.org/doc/en/books/handbook/crypt.html):

14.4 DES, Blowfish, MD5, and Crypt
    ...
    Unfortunately the only secure way to encrypt passwords when
    UNIX came into being was based on DES, the Data Encryption
    Standard.

I believe the above is not accurate. According to Password Security: A Case History [1], Morris and Thompson write in their PROLOGUE:

    The UNIX system was first implemented with a password file
    that contained the actual passwords of all the users....

Later, under THE FIRST SCHEME, Morris and Thompson write:

    A convenient and rather good encryption program happened to
    exist on the system at the time; it simulated the M-209 cipher
    machine used by the U.S. Army during World War II. It turned
    out that the M-209 program was usable, but with a given key,
    the ciphers produced by this program are trivial to invert. ...
    the password was used not as the text to be encrypted but as
    the key, and a constant was encrypted using this key.

I'm a big fan of history, and others might also find Morris and Thompson's history of the Unix password system interesting.

Jeffrey Walton
Baltimore, MD, US

[1] www.cs.bell-labs.com/who/dmr/passwd.ps

Fix: N/A
How-To-Repeat: N/A
Comment 1 Tom Rhodes freebsd_committer freebsd_triage 2014-02-03 19:06:44 UTC
Responsible Changed
From-To: freebsd-doc->trhodes

Take this PR.
Comment 2 Anders Jensen-Waud 2014-06-19 03:38:07 UTC
I think this issue is obsolete after the recent overhaul of Chapter 14 - Security. Agree? I am unable to find the quoted text in HEAD.
Comment 3 Eitan Adler freebsd_committer freebsd_triage 2018-05-28 19:40:55 UTC
batch change:

For bugs that match the following
-  Status Is In progress 
AND
- Untouched since 2018-01-01.
AND
- Affects Base System OR Documentation

DO:

Reset to open status.


Note:
I did a quick pass but if you are getting this email it might be worthwhile to double check to see if this bug ought to be closed.
Comment 4 Sergey Kandaurov freebsd_committer freebsd_triage 2019-02-09 17:33:54 UTC
The text in question was removed with the rewrite of the security section in r43744.