From owner-freebsd-security@freebsd.org  Wed May 23 21:50:40 2018
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 45B3DEE8B92
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Wed, 23 May 2018 21:50:40 +0000 (UTC)
 (envelope-from feld@FreeBSD.org)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com
 [66.111.4.28])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id E252080D7E
 for <freebsd-security@freebsd.org>; Wed, 23 May 2018 21:50:39 +0000 (UTC)
 (envelope-from feld@FreeBSD.org)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
 by mailout.nyi.internal (Postfix) with ESMTP id 952F421ADE
 for <freebsd-security@freebsd.org>; Wed, 23 May 2018 17:50:39 -0400 (EDT)
Received: from web4 ([10.202.2.214])
 by compute3.internal (MEProxy); Wed, 23 May 2018 17:50:39 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=content-transfer-encoding:content-type
 :date:from:in-reply-to:message-id:mime-version:references
 :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=C1Cu5j
 7SpenS9S30KRJ1N5aEXqRfi41RnYrECVztAcc=; b=F+VIH6ILu0HENU1W7KwNk6
 oVx63/GV4aOOz0qVYcEGr8vF2dh4RZLKjv6nXai1Y7g27pbznPhNY6FvxGuEkMsr
 WEJ7y74HijqWMF6JrTVWCZxIQromtShM5n2Mvn7MM6Dio9IdDfEExhGoUmKq5PTv
 0jODK9G+rgSffcIRb2eWzj0tBb62XGb4A7h1L0/rcIL6oSAh/PZu0nvMVp8bJApw
 aOEUFRpuHnLWTeYCpy+m+m26tjxAnwefcnuF8AksYxB9UUfC4glWyNRHZvuU9THZ
 59N2lApelSxz6x0vr07OwtluvR659fVn0crfR6TVSiflgMhEC/p238mMaVHBJVFg
 ==
X-ME-Proxy: <xmx:L-IFW9mXeqkic-_PMwLF3qyDCS2z_XSGyERPt_wSRIGfn2Hb9FKtOA>
X-ME-Proxy: <xmx:L-IFW5mhc_o-OoraK6RAtk8cO53RbJqF-E_aow9DxG0Upjujh7I4lw>
X-ME-Proxy: <xmx:L-IFWzRV6H-WDkRuKWvUymGp_mRmIe0P8OY7e4sfnzRe48NSCtSMyA>
X-ME-Proxy: <xmx:L-IFW2yG1dUvOGpUxNbpqh0_CaeUWnNjKi5MoEpM8QtZnEEVlQ6Fgw>
X-ME-Proxy: <xmx:L-IFW9L4eSjeCkb1cHx8EpqPSk8JtcSkLPv-GL0wVsdQgKaF6BvPtw>
X-ME-Proxy: <xmx:L-IFWzKHWrhIT0G0NW1c3kS23xSrYjb4avI-xgVV1UqniZAScqkpSw>
X-ME-Sender: <xms:L-IFW6FbLX6n77LvMwktvqJh2-3uKr8BSxCiajivPDj3L1FDhyRKmQ>
Received: by mailuser.nyi.internal (Postfix, from userid 99)
 id 3E226BA780; Wed, 23 May 2018 17:50:39 -0400 (EDT)
Message-Id: <1527112239.2299907.1382666480.10A4B020@webmail.messagingengine.com>
From: Mark Felder <feld@FreeBSD.org>
To: freebsd-security@freebsd.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-a224ff37
References: <1527111631.2205598.1382649664.0BF85F15@webmail.messagingengine.com>
In-Reply-To: <1527111631.2205598.1382649664.0BF85F15@webmail.messagingengine.com>
Subject: Re: Default password hash, redux
Date: Wed, 23 May 2018 16:50:39 -0500
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 23 May 2018 21:50:40 -0000



On Wed, May 23, 2018, at 16:40, Mark Felder wrote:
> Additionally, making password hashing more
> 

Mailman came to the door and my barking dog interrupted my train of thought :-)

I believe what I was going for was in reference to the bugzilla report, so I'll try again:

Additionally, making password hashing more configurable/pluggable gives us more room to experiment with implementing new hashes and makes it easier to solve these problems. It appears that the patch languishing in bugzilla would help alleviate this issue.

-- 
  Mark Felder
  ports-secteam & portmgr member
  feld@FreeBSD.org