From: John Baldwin
To: freebsd-current@freebsd.org
Cc: Eitan Adler
Subject: Re: Feature Proposal: Transparent upgrade of crypt() algorithms
Date: Mon, 3 Mar 2014 15:28:19 -0500
Message-Id: <201403031528.19273.jhb@freebsd.org>
References: <530FE2E9.5010902@allanjude.com>

On Friday, February 28, 2014 4:58:29 pm Eitan Adler wrote:
> On 27 February 2014 20:14, Allan Jude wrote:
> > With r262501
> > (http://svnweb.freebsd.org/base?view=revision&revision=262501) importing
> > the upgraded bcrypt from OpenBSD and eventually changing the default
> > identifier for bcrypt to $2b$ it reminded me of a feature that is often
> > seen in Forum software and other web apps.
> >
> > Transparent algorithm upgrade.
> ...
>
> I would strongly support this
>
> > I think Nick's point is you do want passwords using the "old" hash to expire
> > at some point if they haven't been auto-converted.
>
> Password expiry is an orthogonal issue and should be up to administrator policy.

Yes, but if you are moving to a different algorithm to improve security, not
coupling it with an eventual expiration of non-migrated accounts gives a false
sense of security. Any admin worth his/her salt is going to want the option
of enforcing that sort of policy along with the transparent update. They
should really be implemented together is all.

--
John Baldwin
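
The following is an added illustration, not part of the original message and not FreeBSD code. It sketches the check the thread is arguing about: after a transparent upgrade has been running, which accounts in a master.passwd-style file still carry a non-target crypt() identifier, and which are past a migration deadline. The sample records, the function names and the deadline are assumptions constructed for the example; the hash strings are placeholders.

```python
from datetime import datetime, timezone

TARGET = "$2b$"  # identifier the thread says bcrypt will move to

# master.passwd(5) order: name:password:uid:gid:class:change:expire:gecos:home:shell
# Constructed sample records; password fields are placeholders, not real hashes.
SAMPLE = """\
alice:$2b$10$CONSTRUCTEDPLACEHOLDER:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$2a$04$CONSTRUCTEDPLACEHOLDER:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:$1$CONSTRUCTED$PLACEHOLDER:1003:1003::0:0:Carol:/home/carol:/bin/sh
daemon:*:1:1::0:0:System account:/root:/usr/sbin/nologin
"""

def scheme(pw_field):
    """Return the crypt() identifier of a password field."""
    if not pw_field or pw_field.startswith("*"):
        return "none"              # empty, '*' or '*LOCKED*': no usable password
    if pw_field.startswith("$"):
        end = pw_field.find("$", 1)
        if end > 0:
            return pw_field[:end + 1]   # e.g. '$2a$', '$1$'
    return "des"                   # traditional hashes carry no $id$ prefix

def audit(passwd_text, deadline, now):
    """Map each account to migrated / pending / expire / no-password."""
    result = {}
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10:
            raise ValueError("malformed record: %r" % line)
        name, ident = fields[0], scheme(fields[1])
        if ident == "none":
            result[name] = "no-password"
        elif ident == TARGET:
            result[name] = "migrated"   # upgraded at login or set after the change
        elif now < deadline:
            result[name] = "pending"    # still waiting for a login to upgrade it
        else:
            result[name] = "expire"     # never logged in: expire per site policy
    return result

if __name__ == "__main__":
    deadline = datetime(2014, 9, 1, tzinfo=timezone.utc)  # constructed deadline
    print(audit(SAMPLE, deadline, datetime(2014, 10, 1, tzinfo=timezone.utc)))
```

Accounts reported as "expire" are the ones a login-time upgrade alone never reaches, which is the gap the reply above describes.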