Date: Wed, 5 Jan 2000 22:27:31 -0800 (PST)
From: Kris Kennaway
To: current@freebsd.org
Subject: Advance notice: Removing SHA1 passwords

Tomorrow I plan to remove the support for SHA1 passwords from libcrypt: this was (re-)added silently by Mark Murray a few months ago as part of a cleanup/re-merging of the libcrypt code, and he's already okayed the re-removal.

The reason I want to remove this is because I intend to reimplement libcrypt in a more extensible way sometime over the next few months (assuming I can get over/around/under a final hurdle), and I'd prefer not to have any more compatibility warts than necessary (if this were to make it into a release we'd have to support it forever). There's no real advantage to using SHA1 passwords anyway, since they're an algorithmically identical format to the default MD5 system, and there's nothing inherently insecure about that one.

If anyone has been using SHA1 passwords, now's the time to regenerate them :-)

Kris