cvs commit: src/release Makefile

Peter Jeremy PeterJeremy at
Wed Sep 28 12:03:14 PDT 2005

On Wed, 2005-Sep-28 15:10:19 +0200, Pawel Jakub Dawidek wrote:
>On Wed, Sep 28, 2005 at 01:46:14PM +0100, Ceri Davies wrote:
>+> On Wed, Sep 28, 2005 at 12:39:00PM +0000, Ken Smith wrote:
>+> > kensmith    2005-09-28 12:39:00 UTC
>+> > 
>+> >   FreeBSD src repository
>+> > 
>+> >   Modified files:
>+> >     release              Makefile 
>+> >   Log:
>+> >   Add SHA256 checksums to the release build.
>+> Good idea.  Along these lines, does anyone know what the barriers are
>+> in moving the default password hash from md5 to blowfish (not for
>+> RELENG_6, just in general), or has it just not been done yet?

You need to a line "crypt_default = blf" to /etc/auth.conf
That said, the blowfish magic string looks wrong - the MD5 and NT
hashes both have a training '$' but blowfish doesn't.  Is this
deliberate or a typo?

>I'd really like to see us using PKCS#5v2 for system passwords at some
>point instead of home-grown hash(hash(...(x))) or encrypt(encrypt(...(x))).

As long as you can describe PKCS in a way that's compatible with the
modular crypt described in crypt(3), this is trivial.

Peter Jeremy

More information about the cvs-src mailing list