From the FreeBSD Handbook (http://www.freebsd.org/doc/en/books/handbook/crypt.html):

  14.4 DES, Blowfish, MD5, and Crypt
  ...
  Unfortunately the only secure way to encrypt passwords when UNIX came into being was based on DES, the Data Encryption Standard.

I believe the above is not accurate. According to Password Security: A Case History [1], Morris and Thompson write in their PROLOGUE:

  The UNIX system was first implemented with a password file that contained the actual passwords of all the users....

Later, under THE FIRST SCHEME, Morris and Thompson write:

  A convenient and rather good encryption program happened to exist on the system at the time; it simulated the M-209 cipher machine used by the U.S. Army during World War II. It turned out that the M-209 program was usable, but with a given key, the ciphers produced by this program are trivial to invert. ... the password was used not as the text to be encrypted but as the key, and a constant was encrypted using this key.

I'm a big fan of history, and others might also find Morris and Thompson's history of the Unix password system interesting.

Jeffrey Walton
Baltimore, MD, US

[1] www.cs.bell-labs.com/who/dmr/passwd.ps

Fix: N/A

How-To-Repeat: N/A
Responsible Changed
From-To: freebsd-doc->trhodes

Take this PR.
I think this issue is obsolete after the recent overhaul of Chapter 14 - Security. Agree? I am unable to find the quoted text in HEAD.
batch change:

For bugs that match the following
- Status Is In progress
AND
- Untouched since 2018-01-01.
AND
- Affects Base System OR Documentation

DO:

Reset to open status.

Note: I did a quick pass but if you are getting this email it might be worthwhile to double check to see if this bug ought to be closed.
The text in question was removed with the rewrite of the security section in r43744.