FreeBSD Mail Archives

Date:      Fri, 7 Mar 2014 16:52:23 -0500
From:      "A.J. Kehoe IV (Nanoman)" <nanoman@nanoman.ca>
To:        Allan Jude <freebsd@allanjude.com>, secteam@FreeBSD.org
Cc:        freebsd-current@freebsd.org
Subject:   Re: Feature Proposal: Transparent upgrade of crypt() algorithms
Message-ID:  <20140307215223.GB49137@nanocomputer.nanoman.ca>
In-Reply-To: <531A2CC1.8080802@allanjude.com>
References:  <2167732.JmQmEPMV2N@desktop.reztek> <201403070913.30359.jhb@freebsd.org> <5319DE84.3040602@allanjude.com> <20140307161313.GA49137@nanocomputer.nanoman.ca> <531A2CC1.8080802@allanjude.com>


[-- Attachment #1 --]
Allan Jude wrote:
>On 2014-03-07 11:13, A.J. Kehoe IV (Nanoman) wrote:
>> Allan Jude wrote:
>>
>> [...]
>>
>>> Honestly, my use case is just silently upgrading the strength of the
>>> hashing algorithm (when combined with my other feature request).
>>> Updating my bcrypt hashes from $2a$04$ to $2b$12$ or something. Same
>>> applies for the default sha512, maybe I want to update to rounds=15000
>>
>> Like this?
>>
>> http://www.freebsd.org/cgi/query-pr.cgi?pr=182518
>>
>> Request for comments:
>>
>> http://docs.freebsd.org/cgi/mid.cgi?20140106205156.GD4903
>>
>
>This looks like what we wanted. In the feedback you talked about some
>changes to your patch required to make it work, is there any progress on
>those?

Derek's patches worked perfectly for our needs, but we're the sort of people who use vipw and our own utilities for user management.  It wasn't until later that we discovered at least one other file would need patching to satisfy everyone.  We didn't want to employ the same copy-pasta method, so we asked for feedback about our proposed alternative.

secteam@, do you have any comments?  Before we put any more work into this, we want to be sure that our proposal is an acceptable one.

-- 
A.J. Kehoe IV (Nanoman)     |  /"\  ASCII Ribbon Campaign
Nanoman's Company           |  \ /   - No HTML/RTF in E-mail
E-mail: nanoman@nanoman.ca  |   X    - No proprietary attachments
WWW: http://www.nanoman.ca/ |  / \   - Respect for open standards

[-- Attachment #2 --]
0�P	*�H��
��A0�=10	+0	*�H��
���0�w0�_���0
	*�H��

0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing Authority1!0	*�H��
	support@cacert.org0
140224170909Z
140823170909Z0=10UCAcert WoT User1!0	*�H��
	nanoman@nanoman.ca0�"0
	*�H��
�0�
��VDj�
@�[H}����K�4��٪�:�C�J�yc��k�Xm�i��
~��F6��x�1�JoeHQL`�w&.��P��H"w�}��|��oѬݘ2r6���ڛ?�
p���	.����y�a�w� �Nc��^�ʽ��h��N��mH�o$��l��sB1h���X�y�
��XU���ş������k�ք�))�Rn�Z�g_�Î��h�c$u��^��SϏ�d�moA�#k�����>��x����;�As���B0�>0U�00V	`�H��B
IGTo get your own certificate for FREE head over to http://www.CAcert.org0U��0@U%907++
+�7

+�7
	`�H��B02+&0$0"+0�http://ocsp.cacert.org01U*0(0&�$�"� http://crl.cacert.org/revoke.crl0U0�nanoman@nanoman.ca0
	*�H��

��h�\M�����Dm�5�K�8�brO/;���>��1��Sl���(,M~P�*�S�C���@6���,~�̞�C(h��ܫcIN����N&��g�G͖�1���+L���=��)�����V�j7���$�`J�r���7w�!2G����.�b�F�컘0��!7sΠ�qS���I�[)8�kF�ty��I&��֛�$��S��]�S�����DKQ��I=OvS�X�ҫY�J.M�s&�>.ߋFU#����<����1�ɭe4B��^�KQ�@��w�j�������*y����
����=�3��D��1^|�N�S�63𠢬���Ds��e�����Ґ�#�7�E3W�RL{+I�~}�崋� Jj�.��BN���m{���m�tM�л�P7�.|M�'q�*��fkaՊ�	d	@,U�d,E��@�q�������������(�G�E���D�;J��:hN��^�S�$��pX��W�R]r%�H�0�=0�%�0
	*�H��
0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing Authority1!0	*�H��
	support@cacert.org0
030330122949Z
330329122949Z0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing Authority1!0	*�H��
	support@cacert.org0�"0
	*�H��
�0�
��"��F}�6(P��3@�K�;f?1�k6��|��Nw6A��	��F�s`�n~��Xd�Ͱ�Ec�g
��ҿ>���L���5]l!ޞ ٺ�f27r�����XɎ�^�>��
l��[df*z�KSy���{�/
a+��~MV���ڒ��DAX`ef��D�˔�B~�eh�Q������W��kz��r�%[ ���2�H��.0B�%�k?�:��SH��Ҷ���4��zX+[�8��]fɘמ����t��qr`��o�3��4v>$z���o�E8G��A�J�����.�	�Yת�ғ}h.݋K�X�/�ꕧ��T���ۋQ"��þ�,����x� ӊ/?��Qe�!�eE��|�ALO)�!�3uQ�w�������i�"�Ṕ1�{8�h[�+�~�_���rL��K ���Wʑ��u!7�c
g>FOp g���Y�����ͺb��A�� �)�d)B�"�x��C�	QKZZ�q���s�����0��0U�2������Ұ:�9�0��U#��0����2������Ұ:�9ѡ}�{0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing Authority1!0	*�H��
	support@cacert.org�0U�0�02U+0)0'�%�#�!https://www.cacert.org/revoke.crl00	`�H��B#!https://www.cacert.org/revoke.crl04	`�H��B'%http://www.cacert.org/index.php?id=100V	`�H��B
IGTo get your own certificate for FREE head over to http://www.cacert.org0
	*�H��
�(��\��5
�o�j���h��X�>��ÐZ��`��C��p��b����gX
06;�H��t�q>�+h�4b@F;S�(���f�S�M]�;�`��yi;�e��Ɓ�\���M���U��7���pa�j|���.T>O!���܂���E�M�s<�e��v��j��7$��NmQ��ďʖm�C��0e';{�CCc�C���h���"���{Z>7;����N˛͚�۲p�-J�ذ�oEH3��<2*T������#�G�dzq���c�~�/��ܟ+����H%���B���>�W���i�w4
K�ʠ�ƌ����27hs_�Q�IS6
�L�y��:u���
pg���/��y��=�s���o�g��/�$�{�H5)@��`ᖆP�zY؏!�ς��;�k����V#��l��H<��N���/	�So.�t�:c�¦�����D�
��l�$����pG.��Բ 	��d�$ܡ5��ԼU.}��U�Z֓�v�%sL�C1�\0�X0��0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing Authority1!0	*�H��
	support@cacert.org��0	+���0	*�H��
	1	*�H��
0	*�H��
	1
140307215223Z0#	*�H��
	1hÁc��0O�&�>�q���%�0R	*�H��
	1E0C0
*�H��
0*�H��
�0
*�H��
@0+0
*�H��
(0
	*�H��
�Xz.����$nPN���K�ÄPB�j��J
��XяI�D4��U"ogu����Jt��!%�Ip*�_�rԳ��_)2��Cc�AV��b`���YJ�������ݟ��V�G���UG���_9�8x������p�e��ax��UIdb���+lG�Åvz���ԚK>������1��)P�-��[�q#�3�X!S���	�H.�����1�$e6e�w[
Ɨ�Xa�3�aO�0��l����Q���V��Dߣhv

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140307215223.GB49137>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation