From owner-freebsd-security@FreeBSD.ORG  Fri Jan 29 00:23:37 2010
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4F03E106566C
	for <freebsd-security@freebsd.org>;
	Fri, 29 Jan 2010 00:23:37 +0000 (UTC) (envelope-from dan@obluda.cz)
Received: from smtp1.kolej.mff.cuni.cz (smtp1.kolej.mff.cuni.cz
	[78.128.192.10])
	by mx1.freebsd.org (Postfix) with ESMTP id D1BEF8FC13
	for <freebsd-security@freebsd.org>;
	Fri, 29 Jan 2010 00:23:36 +0000 (UTC)
X-Envelope-From: dan@obluda.cz
Received: from kgw.obluda.cz (kgw.obluda.cz [193.179.199.50])
	by smtp1.kolej.mff.cuni.cz (8.14.3/8.14.3) with ESMTP id o0SNXPkp064385;
	Fri, 29 Jan 2010 00:33:26 +0100 (CET) (envelope-from dan@obluda.cz)
Message-ID: <4B621EC5.3030400@obluda.cz>
Date: Fri, 29 Jan 2010 00:33:25 +0100
From: Dan Lukes <dan@obluda.cz>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US;
	rv:1.9.1.7) Gecko/20100115 SeaMonkey/2.0.2
MIME-Version: 1.0
To: Mike Andrews <mandrews@bit0.com>
References: <20100128182413.GI892@noncombatant.org>	<20100128135410.7b6fe154.wmoran@collaborativefusion.com>	<20100128193941.GK892@noncombatant.org>	<20100128151026.5738b6c1.wmoran@collaborativefusion.com>	<20100128201857.GP892@noncombatant.org>
	<4B620DAC.4080608@bit0.com>
	<alpine.BSF.2.00.1001281738110.43056@beast.int.bit0.com>
In-Reply-To: <alpine.BSF.2.00.1001281738110.43056@beast.int.bit0.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-security@freebsd.org
Subject: Re: PHK's MD5 might not be slow enough anymore
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2010 00:23:37 -0000

On 01/28/10 23:44, Mike Andrews:
>> all my password hashes are in the format "$2a$04$salthash" -- with the "04"
>> being the (default) number of rounds of Blowfish to run

> There is probably a login.conf knob to raise the default number of
> rounds beyond 2^4.

No. The standard way of password change flow trough pam_unix.c.

It call crypt(new_pass, salt) where salt is pseudo-random sequence. As 
such salt doesn't start with a magic, the default algorithm is selected. 
If it si blowfish, then crypt_blowfish(key, salt) is called.

As the random salt doesn't start with $2a$ magic it is not considered to 
be '$2a$nn$salt'-like string. Then default number (04) is used all the 
times.

						Dan