From: Xin Li
Organization: The FreeBSD Project
Date: Fri, 07 Mar 2014 14:06:43 -0800
To: nanoman@nanoman.ca, Allan Jude, secteam@FreeBSD.org
Cc: Dag-Erling Smørgrav, freebsd-current@freebsd.org
Subject: Re: Feature Proposal: Transparent upgrade of crypt() algorithms
Message-ID: <531A42F3.5020207@delphij.net>

Hi,

On 03/07/14 13:52, A.J. Kehoe IV (Nanoman) wrote:
> Allan Jude wrote:
>> On 2014-03-07 11:13, A.J. Kehoe IV (Nanoman) wrote:
>>> Allan Jude wrote:
>>>
>>> [...]
>>>
>>>> Honestly, my use case is just silently upgrading the strength
>>>> of the hashing algorithm (when combined with my other feature
>>>> request). Updating my bcrypt hashes from $2a$04$ to $2b$12$
>>>> or something. Same applies for the default sha512, maybe I
>>>> want to update to rounds=15000
>>>
>>> Like this?
>>>
>>> http://www.freebsd.org/cgi/query-pr.cgi?pr=182518
>>>
>>> Request for comments:
>>>
>>> http://docs.freebsd.org/cgi/mid.cgi?20140106205156.GD4903
>>>
>>
>> This looks like what we wanted. In the feedback you talked about
>> some changes to your patch required to make it work, is there any
>> progress on those?
>
> Derek's patches worked perfectly for our needs, but we're the sort
> of people who use vipw and our own utilities for user management.
> It wasn't until later that we discovered at least one other file
> would need patching to satisfy everyone. We didn't want to employ
> the same copy-pasta method, so we asked for feedback about our
> proposed alternative.
>
> secteam@, do you have any comments? Before we put any more work
> into this, we want to be sure that our proposal is an acceptable
> one.
>

Did you mean adding rounds capability, or transparent upgrade of
crypt() algorithms, or both? I need some time to digest the whole
transparent upgrade idea but in general I think it's good.

Speaking for adding rounds, the only problem that needs to be fixed is
that the proposed patch makes it possible to create conflicting
configuration (passwd_format and passwd_modular can use different
hashing algorithms) and needs to be fixed and polished. I like the idea
of making it possible to use more rounds though.

Cheers,
-- 
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
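
The per-entry decision a transparent upgrade depends on, as an added example that is not part of this message or of the patches in the PR: given a stored modular crypt string and a target policy, decide whether the entry should be re-hashed at the next successful login. The `policy` struct, `needs_rehash()` and the sample strings are assumptions made for illustration; the targets (`$2b$12$`, `rounds=15000`) are the ones named in the thread, and 5000 is the SHA-crypt default when no `rounds=` field is present.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical policy record; the targets are the ones named in the thread. */
struct policy { const char *scheme; long cost; };
static const struct policy BCRYPT_POLICY = { "2b", 12 };    /* $2b$12$ */
static const struct policy SHA512_POLICY = { "6", 15000 };  /* rounds=15000 */

#define SHA_DEFAULT_ROUNDS 5000L /* SHA-crypt default when rounds= is absent */

/* 1: re-hash at next successful login, 0: meets policy, -1: not parseable. */
int needs_rehash(const char *hash, const struct policy *want)
{
    const char *p, *end;
    char *q;
    long cost;

    if (hash == NULL || hash[0] != '$')
        return -1;                      /* locked or non-modular entry */
    p = hash + 1;
    if ((end = strchr(p, '$')) == NULL || end == p)
        return -1;
    if (strlen(want->scheme) != (size_t)(end - p) ||
        strncmp(p, want->scheme, (size_t)(end - p)) != 0)
        return 1;                       /* different algorithm or variant */
    p = end + 1;
    if (want->scheme[0] == '2') {       /* bcrypt: two-digit log2 cost */
        if (!isdigit((unsigned char)p[0]) ||
            !isdigit((unsigned char)p[1]) || p[2] != '$')
            return -1;
        cost = (p[0] - '0') * 10 + (p[1] - '0');
    } else if (!strcmp(want->scheme, "5") || !strcmp(want->scheme, "6")) {
        cost = SHA_DEFAULT_ROUNDS;
        if (strncmp(p, "rounds=", 7) == 0) {
            if (!isdigit((unsigned char)p[7]))
                return -1;
            cost = strtol(p + 7, &q, 10);
            if (*q != '$')
                return -1;
        }
    } else {
        return -1;                      /* scheme this sketch does not know */
    }
    return cost < want->cost;
}

int main(void)
{
    /* Constructed entries: the salt and digest parts are placeholders. */
    printf("%d\n", needs_rehash("$2a$04$CONSTRUCTED", &BCRYPT_POLICY));
    printf("%d\n", needs_rehash("$6$CONSTRUCTED$x", &SHA512_POLICY));
    return 0;
}
```

A caller can only act on a result of 1 while it still holds the cleartext password, that is, immediately after a successful verification against the old hash.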