From: John Baldwin
To: freebsd-current@freebsd.org
Cc: Nick Hibma
Subject: Re: Feature Proposal: Transparent upgrade of crypt() algorithms
Date: Fri, 28 Feb 2014 16:14:03 -0500

On Friday, February 28, 2014 12:16:45 pm Allan Jude wrote:
> On 2014-02-28 10:07, Nick Hibma wrote:
> >
> > On 28 Feb 2014, at 02:14, Allan Jude wrote:
> >
> >> With r262501
> >> (http://svnweb.freebsd.org/base?view=revision&revision=262501) importing
> >> the upgraded bcrypt from OpenBSD and eventually changing the default
> >> identifier for bcrypt to $2b$ it reminded me of a feature that is often
> >> seen in Forum software and other web apps.
> >> …
> >> This would make it much easier to transition a very large userbase from
> >> md5crypt to bcrypt or sha512crypt, rather than expiring the passwords or
> >> something.
> >
> > The sleeping accounts won’t be upgraded, so be left at the ‘insecure’
> > algorithm. I do see the point of automatic updating of password hashes for a
> > newer algorithm, but ‘not needing expiry’ isn’t the right argument. It is
> > actually an argument opposing your change!
> >
> > What you probably meant was: don’t hassle users with the change in
> > algorithm, possibly only the users that haven’t ever logged in after 6 months.
> >
> > Nick
> >
>
> The algorithm upgrade would upgrade everyone, including people who
> changed their password just 5 days ago. If an account is dormant, and
> never logs in, even a password expiry wouldn't force a password change,
> because the user never logs in.
>
> To better rephrase my point, the goal is to avoid having to adjust every
> user's password expiry to yesterday, in order to force them all to set
> new passwords.

I think Nick's point is you do want passwords using the "old" hash to expire
at some point if they haven't been auto-converted.

-- 
John Baldwin
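
The point made in the reply above, as an added example that is not part of the original message or of FreeBSD's code: a check over master.passwd-style records that lists accounts still on the old hash with no password change time set, so that expiry can be applied to those accounts only instead of to every user. The sample records, the `LEGACY` set and the function names are assumptions made for illustration.

```python
# Added example: audit master.passwd-style records for legacy hash schemes.
# Record layout: name:password:uid:gid:class:change:expire:gecos:home:shell

# crypt(3) modular-format prefixes for the schemes named in the thread.
SCHEMES = {"$1$": "md5crypt", "$2a$": "bcrypt", "$2b$": "bcrypt",
           "$6$": "sha512crypt"}
LEGACY = {"md5crypt"}   # assumption: the scheme being migrated away from
LOCK_TAG = "*LOCKED*"   # prefix that pw(8) lock puts on the password field

# Constructed sample records; hash strings are placeholders, not real hashes.
SAMPLE = """\
# constructed sample, not real accounts
alice:$1$abcdefgh$placeholder:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$2b$10$placeholderplaceholder:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:*LOCKED*$1$abcdefgh$placeholder:1003:1003::0:0:Carol:/home/carol:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
dave:$6$saltsalt$placeholder:1004:1004::1393632000:0:Dave:/home/dave:/bin/sh
erin:$1$abcdefgh$placeholder:1005:1005::1393632000:0:Erin:/home/erin:/bin/sh
"""

def scheme_of(pw_field):
    """Return (scheme_name_or_None, locked) for a password field."""
    locked = pw_field.startswith(LOCK_TAG)
    if locked:
        pw_field = pw_field[len(LOCK_TAG):]
    for prefix, name in SCHEMES.items():
        if pw_field.startswith(prefix):
            return name, locked
    return None, locked  # "*", empty, or a scheme not in the table

def legacy_without_expiry(text):
    """Names of loginable accounts on a legacy hash with no change time set."""
    flagged = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10:
            continue  # malformed record, skip rather than guess
        name, pw, change = fields[0], fields[1], fields[5]
        scheme, locked = scheme_of(pw)
        # Locked accounts cannot log in; review those when they are unlocked.
        if scheme in LEGACY and not locked and change in ("", "0"):
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(legacy_without_expiry(SAMPLE))
```
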