Date: Mon, 11 Jun 2012 10:12:03 -0400 From: Mike Tancsa <mike@sentex.net> To: =?UTF-8?B?RGFnLUVybGluZyBTbcO4cmdyYXY=?= <des@des.no> Cc: freebsd-security@freebsd.org Subject: Re: Default password hash Message-ID: <4FD5FCB3.80000@sentex.net> In-Reply-To: <867gvene35.fsf@ds4.des.no> References: <86r4tqotjo.fsf@ds4.des.no> <4FD334BE.4020900@sentex.net> <86ipeyp73q.fsf@ds4.des.no> <4FD5CF47.7070800@sentex.net> <867gvene35.fsf@ds4.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On 6/11/2012 10:00 AM, Dag-Erling Smørgrav wrote: > Mike Tancsa <mike@sentex.net> writes: >> Dag-Erling Smørgrav <des@des.no> writes: >>> Mike Tancsa <mike@sentex.net> writes: >>>> Actually, any chance of MFC'ing SHA256 and 512 in RELENG_7 ? Its >>>> currently not there. >>> "not there" as in "not supported by crypt(3)"? >> If you put in sha256|sha512 in passwd_format, the passwd that gets >> chosen is DES, as in Data Encryption Standard, not Dag-Erling Smørgrav >> ;-) > > This is non-trivial to fix, as the code that would need to be MFCed > depends on libc changes. I'm worried about collateral damage from > MFCing those changes. > > It may be possible to backport the sha2 code. Locally, we still have a need to share some passwd files between a couple of RELENG_8 and RELENG_7 boxes. But it might be better to just upgrade the new boxes to 8 if need be. If not, is Blowfish as its currently implemented on RELENG_7 considered strong enough ? There has been some discussion suggesting its not and some that it is. ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4FD5FCB3.80000>