From owner-svn-src-all@FreeBSD.ORG Tue Jun 19 16:21:16 2012 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 55C97106564A; Tue, 19 Jun 2012 16:21:16 +0000 (UTC) (envelope-from utisoft@gmail.com) Received: from mail-bk0-f54.google.com (mail-bk0-f54.google.com [209.85.214.54]) by mx1.freebsd.org (Postfix) with ESMTP id 1E3528FC08; Tue, 19 Jun 2012 16:21:14 +0000 (UTC) Received: by bkvi18 with SMTP id i18so6610821bkv.13 for ; Tue, 19 Jun 2012 09:21:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=AHOOm6WRNMaGmwpHbpgLcK1f5MEV6lxX7+yzhirkTbw=; b=pnSCNfJ6MUbI1gZexsVGaaqA/5LOlLOdRzA+NsoEAVFbuQAVoF0JsztQQQVgnAOZv5 aAuJhxLl4mMOtSLmtzJphULC6Z8UjJIjFS7ozPP1SgAXqYaHyvSypT7WJWzeZuI1Aavj l6+iHxiACOpJ2taffyCLUWFouYP4llZHYhuNpsuIMX0pJ48FxE0jSzKdt8l0ie5rHJtw AvMltMfI+sPBufAplAhNSOYSHAkioDV5QRTaF9rU39i9bR4CmmAWkW2SkV6PuYKMMGdP kxg/YKUVguu6YJ60v7kAGo0K2YOStJwViMN4CV1ghLHpt+wBF1KTcInT88tMNUFc3T9v tY7w== MIME-Version: 1.0 Received: by 10.204.153.15 with SMTP id i15mr52711bkw.74.1340122874110; Tue, 19 Jun 2012 09:21:14 -0700 (PDT) Received: by 10.204.171.138 with HTTP; Tue, 19 Jun 2012 09:21:13 -0700 (PDT) Received: by 10.204.171.138 with HTTP; Tue, 19 Jun 2012 09:21:13 -0700 (PDT) In-Reply-To: <20120619161320.GA54109@FreeBSD.org> References: <201206191446.q5JEkJTY050836@svn.freebsd.org> <20120619161320.GA54109@FreeBSD.org> Date: Tue, 19 Jun 2012 17:21:13 +0100 Message-ID: From: Chris Rees To: Alexey Dokuchaev Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Dag-Erling Smorgrav Subject: Re: svn commit: r237269 - in head: etc lib/libutil X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Jun 2012 16:21:16 -0000 On Jun 19, 2012 5:15 PM, "Alexey Dokuchaev" wrote: > > On Tue, Jun 19, 2012 at 02:46:19PM +0000, Dag-Erling Smorgrav wrote: > > Author: des > > Date: Tue Jun 19 14:46:18 2012 > > New Revision: 237269 > > URL: http://svn.freebsd.org/changeset/base/237269 > > > > Log: > > Switch the default password hash from md5 to sha512. > > Pardon my possible unawareness, but was this change discussed anywhere? http://lists.freebsd.org/pipermail/freebsd-security/2012-June/006271.html > I understand the rationale to move away from MD5, but reasons for SHA512 > seem moot. I've personally had been using Blowfish for password hashes > since OpenBSD switched to it, for example, as fast and apparently reliable > hash. Is there anything wrong with it? Why SHA512 is clear winner here? > FWIW, ports use SHA256 for now. Could it be that switch to SHA512 will > impose perfomance problems? Why would you want password matching to be fast? That makes brute-forcing easier. Chris