Date: Sat, 2 Jun 2018 11:20:32 -0700 From: John-Mark Gurney <jmg@funkthat.com> To: Mark Felder <feld@FreeBSD.org>, freebsd-security@freebsd.org, Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= <des@des.no> Subject: Re: Default password hash, redux Message-ID: <20180602182032.GK4982@funkthat.com> In-Reply-To: <86vab4ydja.fsf@next.des.no> <20180527231418.GG4982@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > I believe that there are patches/review for making the default password > hash algorithm configurable via login.conf or something similar.. so some > of the work has already been done.. > > > I'd also like to see us to pull in scrypt if cperciva doesn't have any objections. It's good to have options. > > Yes, pulling in scrypt and/or argon2 is a great idea... > > -- > John-Mark Gurney Voice: +1 415 225 5579 > > "All that I will do, has been done, All that I have, has not." > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" Dag-Erling Smrgrav wrote this message on Thu, May 31, 2018 at 00:38 +0200: > John-Mark Gurney <jmg@funkthat.com> writes: > > I believe that there are patches/review for making the default password > > hash algorithm configurable via login.conf or something similar... > > You mean like r64918? No, I don't. Sorry, I wasn't specific enough in my comment, but you also dropped the context of that statment: John-Mark Gurney wrote this message on Sun, May 27, 2018 at 16:14 -0700: > Mark Felder wrote this message on Wed, May 23, 2018 at 16:40 -0500: > > In light of this new article[2] I would like to rehash (pun intended) this conversation and also mention a bug report[3] we've been sitting on in some form for 12 years[4] with usable code that would make working with password hashing algorithms easier and the rounds configurable by the admin. > > I'd like to see it set where we set a time, say 50ms or so, and on each > boot, we set the rounds based upon this. (obviously configurable), w/ a > minimum maybe for slower systems... This allows us to autoscale to faster > cpu systems... r64918 does not allow you to set default number of rounds... there is a patch in bugzilla or phabricator that allows you to set this.. -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180602182032.GK4982>