Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 10 Nov 1999 10:20:21 -0800 (PST)
From:      Kris Kennaway <kris@hub.freebsd.org>
To:        Nicholas Brawn <ncb@zip.com.au>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Status of Passwords/etc in FreeBSD-stable
Message-ID:  <Pine.BSF.4.10.9911101012470.91213-100000@hub.freebsd.org>
In-Reply-To: <Pine.LNX.4.10.9911101306001.18172-100000@zipperii.zip.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, 10 Nov 1999, Nicholas Brawn wrote:

> Couple of questions:
> 1. Does stable support bcrypt or equivalent. If not are there any plans to
>    implement this?

No and yes.

See http://www.physics.adelaide.edu.au/~kkennawa/crypt-990725.tar.gz

which is a replacement libcrypt which supports external plug-in crypt
"modules" (openbsd-style bcrypt is included). I really need to check
whether that tarball actually compiles - someone told me a while ago I
left out a header file.

This is a WIP, and in particular will not allow external modules to be
used for statically-linked binaries (just the two historical formats: MD5
and DES). This is a limitation of dlopen() which I hope will one day get
resolved (hacking around it would be ugly).

One day when I get time to revisit this and clean it up a bit I plan to
try and import it into -current.

> 2. Is there any moves to centralise password-related configuration to a
>    passwd.conf? Min/Max lengths, etc.

The above code uses login.conf to specify login capabilities about which
password algorithm to use for a user's new password, and any algorithm
parameters (e.g. number of rounds for bcrypt). A separate passwd.conf
would be a bad idea, IMO.

I don't see what you'd need a maximum password length variable for, but
there is already a minpasswordlen capability.

Kris

----
Cthulhu for President! For when you're tired of choosing the _lesser_ of
two evils..



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9911101012470.91213-100000>