From owner-freebsd-security@FreeBSD.ORG Mon Jun 11 08:48:16 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D87751065673 for ; Mon, 11 Jun 2012 08:48:16 +0000 (UTC) (envelope-from des@des.no) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id 99A538FC15 for ; Mon, 11 Jun 2012 08:48:16 +0000 (UTC) Received: from ds4.des.no (smtp.des.no [194.63.250.102]) by smtp.des.no (Postfix) with ESMTP id 4F76167AC; Mon, 11 Jun 2012 08:48:10 +0000 (UTC) Received: by ds4.des.no (Postfix, from userid 1001) id 261429EC1; Mon, 11 Jun 2012 10:48:10 +0200 (CEST) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Mike Tancsa References: <86r4tqotjo.fsf@ds4.des.no> <4FD334BE.4020900@sentex.net> Date: Mon, 11 Jun 2012 10:48:09 +0200 In-Reply-To: <4FD334BE.4020900@sentex.net> (Mike Tancsa's message of "Sat, 09 Jun 2012 07:34:22 -0400") Message-ID: <86ipeyp73q.fsf@ds4.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Jun 2012 08:48:16 -0000 Mike Tancsa writes: > Actually, any chance of MFC'ing SHA256 and 512 in RELENG_7 ? Its > currently not there. "not there" as in "not supported by crypt(3)"? > http://phk.freebsd.dk/sagas/md5crypt_eol.html That blog entry is (partly) why I suggested this change. I think phk is being overly pessimistic, but there is no reason not to switch to sha512 when a) it's indubitably stronger and b) that's what the rest of the world uses. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no