Feature Proposal: Transparent upgrade of crypt() algorithms
A.J. Kehoe IV (Nanoman)
nanoman at nanoman.ca
Fri Mar 7 21:52:27 UTC 2014
Allan Jude wrote:
>On 2014-03-07 11:13, A.J. Kehoe IV (Nanoman) wrote:
>> Allan Jude wrote:
>>
>> [...]
>>
>>> Honestly, my use case is just silently upgrading the strength of the
>>> hashing algorithm (when combined with my other feature request).
>>> Updating my bcrypt hashes from $2a$04$ to $2b$12$ or something. Same
>>> applies for the default sha512, maybe I want to update to rounds=15000
>>
>> Like this?
>>
>> http://www.freebsd.org/cgi/query-pr.cgi?pr=182518
>>
>> Request for comments:
>>
>> http://docs.freebsd.org/cgi/mid.cgi?20140106205156.GD4903
>>
>
>This looks like what we wanted. In the feedback you talked about some
>changes to your patch required to make it work, is there any progress on
>those?
Derek's patches worked perfectly for our needs, but we're the sort of people who use vipw and our own utilities for user management. It wasn't until later that we discovered at least one other file would need patching to satisfy everyone. We didn't want to employ the same copy-pasta method, so we asked for feedback about our proposed alternative.
secteam@, do you have any comments? Before we put any more work into this, we want to be sure that our proposal is an acceptable one.
--
A.J. Kehoe IV (Nanoman) | /"\ ASCII Ribbon Campaign
Nanoman's Company | \ / - No HTML/RTF in E-mail
E-mail: nanoman at nanoman.ca | X - No proprietary attachments
WWW: http://www.nanoman.ca/ | / \ - Respect for open standards
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3924 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20140307/9e890663/attachment.bin>
More information about the freebsd-current
mailing list