From: Aaron Zauner
To: freebsd-security@freebsd.org
Date: Mon, 25 Jun 2012 10:36:00 +0000
Subject: Fwd: Default password encryption method.

so what about bcrypt?
http://en.wikipedia.org/wiki/Bcrypt

On Thu, Jun 21, 2012 at 7:38 PM, Aaron D. Gifford wrote:
> On Tue, Jun 19, 2012 at 12:14 PM, Simon L. B. Nielsen wrote:
> ..snip...
>> The FreeBSD Security Team is also looking at (/poking people to look at)
>> solutions which will improve the time it takes to brute force passwords
>> significantly more.
>>
>> --
>> Simon
>
> I'd love to see PBKDF2 as a password hashing method. Yes, it's meant
> for deriving key material, but it can function similarly. It has the
> flexibility of allowing different hashes being used for the HMAC PRNG
> portion, and the ability to vary/specify the number of iterations.
> No, it's not memory complex like scrypt, but personally I prefer to
> not yet have memory usage involved. I could foresee PBKDF-HMAC-SHA512
> or PBKDF-HMAC-SHA256. I would select the quantity of output to match
> the hash size selected (i.e. if I use HMAC-SHA512 for the PRNG portion
> of PBKDF2, I would have PBKDF2 generate 512 bits of output to store in
> my password database).
>
> PBKDF2(pseudo-random-function, password, salt, iterations, output-size)
>
> I'd offer HMAC-SHA256 and HMAC-SHA512 initially for the
> pseudo-random-function parameter.
>
> And I'd select output-size as mentioned above, 256 bits for HMAC-SHA256, etc.
>
> As for iterations, how hard would it be to allow for more variation in
> the base-64 encoded salt field in the master password database such
> that for a PBKDF2 scheme, the field used as salt would actually be
> three fields, a 4-bit pseudo-random-function selector and a 32-bit
> unsigned integer number of iterations (or 36 bits, which base-64
> encoded would be 6 characters) followed by a variable length salt
> (i.e. any length permitted by the master password database structure
> up to the '$' character delimiter)?
>
> Or one could simply define separate algorithms for each PRF
> (pseudo-random-function) available.
>
> But, storing the number of iterations with the stored salt has the
> benefit of not requiring a new algorithm be defined when one wants to
> increase the default security level of hashed passwords. One merely
> needs to change a system setting to default to use more iterations.
> And password databases from other systems with a higher or lower
> setting would still be readable and usable.
>
> Brainstorming session over... for now.
>
> Aaron out.
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
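
The salt-field layout proposed in the quoted message, worked through as an added example (not code from the thread or from FreeBSD): a 6-character field packing a 4-bit PRF selector and a 32-bit iteration count, followed by the salt, with the output size matching the selected hash. The scheme tag `pbkdf2x`, the selector numbering, the bit order and the use of the traditional crypt alphabet are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
PRFS = {0: "sha256", 1: "sha512"}  # 4-bit selector -> HMAC hash (assumed numbering)
SCHEME = "pbkdf2x"                 # hypothetical scheme tag, not a real crypt(3) id

def b64(data):
    """Encode bytes in the crypt alphabet, 6 bits per character, MSB first."""
    bits = len(data) * 8
    pad = -bits % 6
    n = int.from_bytes(data, "big") << pad
    return "".join(ITOA64[(n >> s) & 63] for s in range(bits + pad - 6, -1, -6))

def pack_params(prf, iterations):
    """4-bit PRF selector + 32-bit iteration count = 36 bits = 6 characters."""
    if prf not in PRFS or not 1 <= iterations < 2**32:
        raise ValueError("bad PRF selector or iteration count")
    v = (prf << 32) | iterations
    return "".join(ITOA64[(v >> s) & 63] for s in range(30, -1, -6))

def unpack_params(field):
    v = 0
    for ch in field:
        v = (v << 6) | ITOA64.index(ch)  # ValueError outside the alphabet
    prf, iterations = v >> 32, v & 0xFFFFFFFF
    if prf not in PRFS or iterations == 0:
        raise ValueError("unknown PRF selector or zero iterations")
    return prf, iterations

def hash_password(password, prf, iterations, salt=None):
    salt = salt or b64(secrets.token_bytes(12))
    # dklen defaults to the digest size, so output size matches the chosen hash.
    dk = hashlib.pbkdf2_hmac(PRFS[prf], password.encode(), salt.encode(), iterations)
    return f"${SCHEME}${pack_params(prf, iterations)}{salt}${b64(dk)}"

def verify(password, stored):
    """Re-derive using the PRF and iteration count read back from the salt field."""
    try:
        _, scheme, field, _ = stored.split("$")
        if scheme != SCHEME or len(field) < 7:
            return False
        prf, iterations = unpack_params(field[:6])
        candidate = hash_password(password, prf, iterations, salt=field[6:])
    except ValueError:
        return False
    return hmac.compare_digest(candidate.encode(), stored.encode())
```

Because `verify` reads the selector and count from each stored entry, raising the system default only affects newly created hashes; entries written under the old setting keep verifying.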