From owner-svn-src-head@FreeBSD.ORG Tue Jun 19 17:17:26 2012
Delivered-To: svn-src-head@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 1033) id 1E004106566B; Tue, 19 Jun 2012 17:17:26 +0000 (UTC)
Date: Tue, 19 Jun 2012 17:17:26 +0000
From: Alexey Dokuchaev
To: Chris Rees
Message-ID: <20120619171726.GA72257@FreeBSD.org>
References: <201206191446.q5JEkJTY050836@svn.freebsd.org> <20120619161320.GA54109@FreeBSD.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Dag-Erling Smorgrav
Subject: Re: svn commit: r237269 - in head: etc lib/libutil
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
X-List-Received-Date: Tue, 19 Jun 2012 17:17:26 -0000

On Tue, Jun 19, 2012 at 05:21:13PM +0100, Chris Rees wrote:
> On Jun 19, 2012 5:15 PM, "Alexey Dokuchaev" wrote:
> > Pardon my possible unawareness, but was this change discussed anywhere?
>
> http://lists.freebsd.org/pipermail/freebsd-security/2012-June/006271.html

Thanks for the link, I didn't check -security@ for some reason.

> > I understand the rationale to move away from MD5, but reasons for SHA512
> > seem moot. I've personally been using Blowfish for password hashes
> > since OpenBSD switched to it, for example, as a fast and apparently reliable
> > hash. Is there anything wrong with it? Why is SHA512 the clear winner here?
> > FWIW, ports use SHA256 for now. Could it be that the switch to SHA512 will
> > impose performance problems?
>
> Why would you want password matching to be fast? That makes brute-forcing
> easier.

Maybe I don't. I just want to know if I should switch from Blowfish to SHA512.
It seems that the former is quite popular, judging from the discussion link given
above. It also seems that des@'s rationale for the switch boils down to "I
vastly prefer sha512 to blf, as that is what the rest of the world uses."

If there's nothing wrong with Blowfish, I guess I'll stick to it as I prefer
compatibility among *BSD to some weird Unix clones. :-)

./danfe