This is a simple proposal to add support for NT MD4 password hashes to crypt(3).NT MD4 password hashes are more insecure than the standard FreeBSD MD5 based password crypt or the much more stronger blowfish based encryption. Why are you/we so nut to use NT password hashes? The answer is very simple:
If you like to authenticate dialin users (ppp, pptp) with CHAP you need the plaintext password on the server and therefore its not possible to store the passwords in the systems master.passwd. Using PAP is a bad idea, because the passwords are transmitted as plaintext over the net. MS-CHAP solves this problem by using hashed passwords (md4).
With MS-CHAP and our modification to crypt(3) its not longer necessary to store plaintext secrets on your server!
But we think there are many more advantages:
cp crypt-nthash.c /usr/src/lib/libcrypt cd /usr/src/lib/libcrypt patch < libcrypt.diff make make intall cd /usr/src/usr.bin/passwd make make installAnd here are patches for mpd, with these patches mpd uses the master.passwd for passwords, if a '*' is specified in the mpd.secret in the password field. This works with all encryption methods if PAP is used, if the password is a NT-Hash MS-CHAP also works. CHAP doesen't work at all, because you need the plaintext password.