Date: Thu, 27 Feb 2014 20:28:42 -0500
From: Allan Jude <freebsd@allanjude.com>
To: FreeBSD Current <freebsd-current@freebsd.org>
Subject: Feature Proposal: 'rounds' tuneables for crypt() algorithms
Message-ID: <530FE64A.4090808@allanjude.com>

Currently, you can change the password hashing algorithm used by crypt() with the passwd_format in /etc/login.conf.

However, as far as I could find, you cannot change the number of 'rounds', the dynamic adjustment factor used in bcrypt, sha256crypt, and sha512crypt.

bcrypt uses a log number; the default is 4 (so 2^4 rounds). The minimum is currently 4, and the maximum 31.

sha256 and sha512crypt default to 5000, with a minimum of 1000 and a maximum of 999999999.

OpenBSD implements this in login.conf with 'localcipher', similar to our 'passwd_format', except it takes an optional 2nd parameter, the number of log2() rounds.

Arch implements this in pam_unix with rounds=

For compatibility, it might make most sense to use a separate variable rather than adding the optional parameter to the existing passwd_format, so older boxes do not choke on it.

Thoughts?

-- 
Allan Jude
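
As an added illustration (not code from the message or from FreeBSD's libcrypt): a C helper that reads the work factor back out of a stored hash string, using the bounds quoted in the message, so an administrator can see which entries still carry the default cost. The `$2a$`/`$5$`/`$6$` prefixes and the clamping of out-of-range `rounds=` values follow the published bcrypt and SHA-crypt formats; the function name and the sample strings are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bounds as quoted in the message above. */
#define BCRYPT_MIN_LOG2 4L
#define BCRYPT_MAX_LOG2 31L
#define SHA_DEFAULT     5000L
#define SHA_MIN         1000UL
#define SHA_MAX         999999999UL

/*
 * Work factor encoded in a modular-crypt string: log2(rounds) for bcrypt,
 * the iteration count for sha256crypt ($5$) and sha512crypt ($6$).
 * Returns -1 for other schemes or a malformed cost field.
 */
long crypt_work_factor(const char *h)
{
    if (h == NULL || h[0] != '$')
        return -1;
    if (h[1] == '2' && h[2] != '\0' && strchr("aby", h[2]) && h[3] == '$') {
        /* bcrypt: exactly two decimal digits followed by '$' */
        if (!isdigit((unsigned char)h[4]) ||
            !isdigit((unsigned char)h[5]) || h[6] != '$')
            return -1;
        long c = (h[4] - '0') * 10L + (h[5] - '0');
        return (c < BCRYPT_MIN_LOG2 || c > BCRYPT_MAX_LOG2) ? -1 : c;
    }
    if ((h[1] == '5' || h[1] == '6') && h[2] == '$') {
        const char *p = h + 3;
        char *end;
        if (strncmp(p, "rounds=", 7) != 0)
            return SHA_DEFAULT;              /* no rounds field present */
        unsigned long n = strtoul(p + 7, &end, 10);
        if (end == p + 7 || *end != '$')
            return -1;
        if (n < SHA_MIN) n = SHA_MIN;        /* out-of-range values are */
        if (n > SHA_MAX) n = SHA_MAX;        /* clamped, not rejected   */
        return (long)n;
    }
    return -1;
}

int main(void)
{
    /* Constructed strings; salt and digest parts are placeholders. */
    const char *s[] = { "$2b$04$SALTPLACEHOLDER", "$6$rounds=50$salt$x",
                        "$6$salt$x", "$5$rounds=200000$salt$x", "$1$salt$x" };
    for (size_t i = 0; i < sizeof s / sizeof *s; i++)
        printf("%-26s -> %ld\n", s[i], crypt_work_factor(s[i]));
    return 0;
}
```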