Date:      Mon, 01 Feb 2010 14:25:50 +0100
From:      Dag-Erling Smørgrav <des@des.no>
To:        Dan Lukes <dan@obluda.cz>
Cc:        freebsd-security@freebsd.org
Subject:   Re: PHK's MD5 might not be slow enough anymore
Message-ID:  <86sk9l5bq9.fsf@ds4.des.no>
In-Reply-To: <4B621EC5.3030400@obluda.cz> (Dan Lukes's message of "Fri, 29 Jan 2010 00:33:25 +0100")
References:  <20100128182413.GI892@noncombatant.org> <20100128135410.7b6fe154.wmoran@collaborativefusion.com> <20100128193941.GK892@noncombatant.org> <20100128151026.5738b6c1.wmoran@collaborativefusion.com> <20100128201857.GP892@noncombatant.org> <4B620DAC.4080608@bit0.com> <alpine.BSF.2.00.1001281738110.43056@beast.int.bit0.com> <4B621EC5.3030400@obluda.cz>

Dan Lukes <dan@obluda.cz> writes:
> Mike Andrews <mandrews@bit0.com> writes:
> > There is probably a login.conf knob to raise the default number of
> > rounds beyond 2^4.
> No. The standard way of password change flows through pam_unix.c.
>
> It calls crypt(new_pass, salt) where salt is a pseudo-random sequence. As
> such salt doesn't start with a magic, the default algorithm is
> selected. If it is blowfish, then crypt_blowfish(key, salt) is called.

Mike is mostly right and you are mostly wrong.  The default algorithm is
indeed controlled by login.conf and auth.conf, although there is no way
to specify the number of rounds.

DES
-- 
Dag-Erling Smørgrav - des@des.no
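
Added example, not part of the original message and not FreeBSD's own code: a small audit helper that reads the magic prefix of stored crypt(3) hash strings to report which algorithm was actually used and, for Blowfish, whether the cost field is below a chosen minimum (the 2^4 default is the case raised in this thread). The names `classify_hash` and `below_cost`, the sample strings and the minimum of 10 are assumptions made for illustration; the `$5$` and `$6$` SHA-crypt prefixes go beyond the schemes named in the thread.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum scheme { S_DES, S_MD5, S_BLOWFISH, S_SHA256, S_SHA512, S_NOT_A_HASH };

/* Identify the scheme from the magic prefix of a crypt(3) hash string.
 * For Blowfish, *log_rounds gets the cost field (rounds = 2^cost); else -1. */
enum scheme classify_hash(const char *h, int *log_rounds)
{
    *log_rounds = -1;
    if (h[0] == '\0' || h[0] == '*') return S_NOT_A_HASH; /* empty or locked */
    if (h[0] != '$') return S_DES;      /* no magic: DES-based crypt */
    if (strncmp(h, "$1$", 3) == 0) return S_MD5;
    if (strncmp(h, "$5$", 3) == 0) return S_SHA256;
    if (strncmp(h, "$6$", 3) == 0) return S_SHA512;
    if (strncmp(h, "$2", 2) == 0) {
        const char *p = h + 2;
        if (islower((unsigned char)*p))
            p++;                        /* optional minor letter, as in "$2a$" */
        if (p[0] == '$' && isdigit((unsigned char)p[1]) &&
            isdigit((unsigned char)p[2]) && p[3] == '$') {
            *log_rounds = (p[1] - '0') * 10 + (p[2] - '0');
            return S_BLOWFISH;
        }
    }
    return S_NOT_A_HASH;                /* unrecognised or malformed magic */
}

/* 1 if a Blowfish hash uses fewer than 2^min_log rounds, 0 if it meets the
 * minimum, -1 if the string has no Blowfish cost field. */
int below_cost(const char *h, int min_log)
{
    int cost;
    if (classify_hash(h, &cost) != S_BLOWFISH)
        return -1;
    return cost < min_log;
}

int main(void)
{
    /* Constructed strings: salt/hash parts are filler, not real hashes. */
    const char *samples[] = { "$2a$04$CONSTRUCTEDfiller", "$1$constrct$filler",
                              "abCONSTRUCTED" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-26s below 2^10 rounds: %d\n", samples[i], below_cost(samples[i], 10));
    return 0;
}
```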
