Default password hash

Mike Tancsa mike at sentex.net
Mon Jun 11 14:12:09 UTC 2012


On 6/11/2012 10:00 AM, Dag-Erling Smørgrav wrote:
> Mike Tancsa <mike at sentex.net> writes:
>> Dag-Erling Smørgrav <des at des.no> writes:
>>> Mike Tancsa <mike at sentex.net> writes:
>>>> Actually, any chance of MFC'ing SHA256 and 512 in RELENG_7 ?  It's
>>>> currently not there.
>>> "not there" as in "not supported by crypt(3)"?
>> If you put in sha256|sha512 in passwd_format, the passwd that gets
>> chosen is DES, as in Data Encryption Standard, not Dag-Erling Smørgrav
>> ;-)
> 
> This is non-trivial to fix, as the code that would need to be MFCed
> depends on libc changes.  I'm worried about collateral damage from
> MFCing those changes.
> 
> It may be possible to backport the sha2 code.

Locally, we still have a need to share some passwd files between a
couple of RELENG_8 and RELENG_7 boxes.  But it might be better to just
upgrade the new boxes to 8 if need be.  If not, is Blowfish as it's
currently implemented on RELENG_7 considered strong enough? There has
been some discussion suggesting it's not and some that it is.


	---Mike


-- 
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/
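
Added example, not part of the original message: a check for the silent DES fallback described in the thread, run over a password file shared between RELENG_7 and RELENG_8 hosts. It assumes the colon-separated master.passwd layout with the hash in the second field; the function names and the sample entries are constructed for illustration.

```python
import re

# crypt(3) hash identifiers; DES has no "$" prefix, which is why a silent
# fallback is easy to miss when reading master.passwd by eye.
SCHEMES = [
    ("md5", re.compile(r"^\$1\$")),
    ("blf", re.compile(r"^\$2[abxy]?\$")),
    ("sha256", re.compile(r"^\$5\$")),
    ("sha512", re.compile(r"^\$6\$")),
    ("des", re.compile(r"^(_[./0-9A-Za-z]{19}|[./0-9A-Za-z]{13})$")),
]

def scheme_of(pw_field):
    """Return the scheme name, "none" for locked/empty, or "unknown"."""
    if pw_field == "" or pw_field.startswith("*"):
        return "none"
    for name, pattern in SCHEMES:
        if pattern.search(pw_field):
            return name
    return "unknown"

def audit(lines, configured):
    """Map each finding to the list of affected account names."""
    findings = {"des_fallback": [], "needs_sha2_crypt": []}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        name, scheme = fields[0], scheme_of(fields[1])
        # DES hash although passwd_format names something else (hypothetical check).
        if scheme == "des" and configured != "des":
            findings["des_fallback"].append(name)
        # Entries that only verify where crypt(3) has the SHA-2 schemes.
        if scheme in ("sha256", "sha512"):
            findings["needs_sha2_crypt"].append(name)
    return findings

# Constructed sample entries (hash bodies are placeholders, not real hashes).
SAMPLE = """\
root:$6$constructedsalt$PLACEHOLDER:0:0::0:0:Charlie &:/root:/bin/csh
alice:abJnggxhB/yWI:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$2a$04$PLACEHOLDERPLACEHOLDER:1002:1002::0:0:Bob:/home/bob:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
""".splitlines()
```

Accounts listed under `des_fallback` had their password set on a host where the configured format was not available; accounts under `needs_sha2_crypt` cannot be checked on a host whose crypt(3) lacks SHA256/512.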

