From owner-svn-src-all@FreeBSD.ORG  Tue Jun 19 16:13:20 2012
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 1033)
	id 47A0F106566C; Tue, 19 Jun 2012 16:13:20 +0000 (UTC)
Date: Tue, 19 Jun 2012 16:13:20 +0000
From: Alexey Dokuchaev <danfe@FreeBSD.org>
To: Dag-Erling Smorgrav <des@FreeBSD.org>
Message-ID: <20120619161320.GA54109@FreeBSD.org>
References: <201206191446.q5JEkJTY050836@svn.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
In-Reply-To: <201206191446.q5JEkJTY050836@svn.freebsd.org>
User-Agent: Mutt/1.4.2.1i
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org,
	src-committers@freebsd.org
Subject: Re: svn commit: r237269 - in head: etc lib/libutil
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
	user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jun 2012 16:13:20 -0000

On Tue, Jun 19, 2012 at 02:46:19PM +0000, Dag-Erling Smorgrav wrote:
> Author: des
> Date: Tue Jun 19 14:46:18 2012
> New Revision: 237269
> URL: http://svn.freebsd.org/changeset/base/237269
> 
> Log:
>   Switch the default password hash from md5 to sha512.

Pardon my possible unawareness, but was this change discussed anywhere?
I understand the rationale to move away from MD5, but reasons for SHA512
seem moot.  I've personally had been using Blowfish for password hashes
since OpenBSD switched to it, for example, as fast and apparently reliable
hash.  Is there anything wrong with it?  Why SHA512 is clear winner here?
FWIW, ports use SHA256 for now.  Could it be that switch to SHA512 will
impose perfomance problems?

./danfe