From: Dag-Erling Smørgrav
To: Mike Tancsa
Cc: freebsd-security@freebsd.org
Subject: Re: Default password hash
Date: Mon, 11 Jun 2012 16:00:14 +0200
Message-ID: <867gvene35.fsf@ds4.des.no>
In-Reply-To: <4FD5CF47.7070800@sentex.net>

Mike Tancsa writes:
> Dag-Erling Smørgrav writes:
> > Mike Tancsa writes:
> > > Actually, any chance of MFC'ing SHA256 and 512 in RELENG_7? It's
> > > currently not there.
> > "not there" as in "not supported by crypt(3)"?
> If you put in sha256|sha512 in passwd_format, the passwd that gets
> chosen is DES, as in Data Encryption Standard, not Dag-Erling Smørgrav
> ;-)

This is non-trivial to fix, as the code that would need to be MFCed
depends on libc changes.  I'm worried about collateral damage from
MFCing those changes.  It may be possible to backport the sha2 code.

DES
-- 
Dag-Erling Smørgrav - des@des.no
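
The fallback described in this thread leaves a traditional DES hash in master.passwd even though passwd_format asks for sha256 or sha512. The following is an added example, not part of the original message: a POSIX sh audit that classifies each stored hash by its crypt(3) prefix and lists accounts whose scheme differs from the expected one. The function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit master.passwd-style entries for the silent DES fallback.
# Function names and sample entries are constructed for illustration.

# hash_scheme HASH: print the passwd_format name matching a crypt(3) string.
hash_scheme() {
    case "$1" in
        '')             echo empty ;;    # no password set
        '*'*)           echo locked ;;   # "*" or "*LOCKED*..." entries
        '$1$'*)         echo md5 ;;
        '$2'*)          echo blf ;;
        '$3$'*)         echo nth ;;
        '$5$'*)         echo sha256 ;;
        '$6$'*)         echo sha512 ;;
        _*)             echo des ;;      # extended DES
        ?????????????)  echo des ;;      # traditional DES: 13 chars, no "$"
        *)              echo unknown ;;
    esac
}

# audit_passwd EXPECTED: read user:hash:... lines on stdin and print
# "user scheme" for each account whose hash is not in the EXPECTED scheme.
audit_passwd() {
    expected=$1
    while IFS=: read -r user hash rest; do
        case "$user" in ''|'#'*) continue ;; esac   # skip blanks and comments
        scheme=$(hash_scheme "$hash")
        [ "$scheme" = locked ] && continue          # no usable hash to check
        [ "$scheme" = "$expected" ] || echo "$user $scheme"
    done
}

# Constructed sample input (not real hashes).
sample_passwd() {
    cat <<'EOF'
root:$6$constructedsalt$ConstructedHashValue:0:0::0:0:Charlie &:/root:/bin/csh
alice:abCONSTRUCTED:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$1$constructed$ConstructedHashValue:1002:1002::0:0:Bob:/home/bob:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
EOF
}

sample_passwd | audit_passwd sha512
```

Feeding it /etc/master.passwd (readable by root only) after a password change shows whether the configured format was actually applied.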