Date: Wed, 23 May 2018 17:50:04 -0400
From: Yonas Yanfa <yonas@fizk.net>
To: Mark Felder <feld@freebsd.org>
Cc: freebsd-security@freebsd.org
Subject: Re: Default password hash, redux
Message-ID: <CALJrc1zkJmr29M-8pkuTVtVroh%2Bf=8z53AVmSnhSipAMgqLuxw@mail.gmail.com>
In-Reply-To: <1527111631.2205598.1382649664.0BF85F15@webmail.messagingengine.com>
References: <1527111631.2205598.1382649664.0BF85F15@webmail.messagingengine.com>

I recommend adding support for Argon2.

https://en.wikipedia.org/wiki/Argon2

On Wed, May 23, 2018, 5:42 PM Mark Felder, <feld@freebsd.org> wrote:

> Around 2012[1] we made the brave switch from md5crypt to sha512. Some
> people were asking for bcrypt to be default, and others were hoping we
> would see pbkdf2 support. We went with compatible. Additionally, making
> password hashing more
>
> In light of this new article[2] I would like to rehash (pun intended) this
> conversation and also mention a bug report[3] we've been sitting on in some
> form for 12 years[4] with usable code that would make working with password
> hashing algorithms easier and the rounds configurable by the admin.
>
> I'd also like to see us pull in scrypt if cperciva doesn't have any
> objections. It's good to have options.
>
> PS: Why does "compatibility" matter for a default algorithm? Having a
> default different than Linux or Solaris isn't a bad thing as long as we
> implement the industry's common hashes which would permit any management
> tools twiddling the master.passwd manually to still be able to insert the
> password hashes in a common format...
>
> [1] https://lists.freebsd.org/pipermail/freebsd-security/2012-June/006271.html
> [2] https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/
> [3] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=182518
> [4] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=75934 is the
> original report about the issue
>
> --
> Mark Felder
> ports-secteam & portmgr member
> feld@FreeBSD.org