FreeBSD Mail Archives

Date:      Fri, 7 Mar 2014 17:50:50 -0500
From:      "A.J. Kehoe IV (Nanoman)" <nanoman@nanoman.ca>
To:        d@delphij.net
Cc:        Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= <des@des.no>, freebsd-current@freebsd.org, secteam@FreeBSD.org
Subject:   Re: Feature Proposal: Transparent upgrade of crypt() algorithms
Message-ID:  <20140307225050.GC50880@nanocomputer.nanoman.ca>
In-Reply-To: <531A42F3.5020207@delphij.net>
References:  <2167732.JmQmEPMV2N@desktop.reztek> <201403070913.30359.jhb@freebsd.org> <5319DE84.3040602@allanjude.com> <20140307161313.GA49137@nanocomputer.nanoman.ca> <531A2CC1.8080802@allanjude.com> <20140307215223.GB49137@nanocomputer.nanoman.ca> <531A42F3.5020207@delphij.net>


[-- Attachment #1 --]
Xin Li wrote:
>Hi,
>
>On 03/07/14 13:52, A.J. Kehoe IV (Nanoman) wrote:
>> Allan Jude wrote:
>>> On 2014-03-07 11:13, A.J. Kehoe IV (Nanoman) wrote:
>>>> Allan Jude wrote:
>>>>
>>>> [...]
>>>>
>>>>> Honestly, my use case is just silently upgrading the strength
>>>>> of the hashing algorithm (when combined with my other feature
>>>>> request). Updating my bcrypt hashes from $2a$04$ to $2b$12$
>>>>> or something. Same applies for the default sha512, maybe I
>>>>> want to update to rounds=15000
>>>>
>>>> Like this?
>>>>
>>>> http://www.freebsd.org/cgi/query-pr.cgi?pr=182518
>>>>
>>>> Request for comments:
>>>>
>>>> http://docs.freebsd.org/cgi/mid.cgi?20140106205156.GD4903

[...]

>Speaking for adding rounds, the only problem that needs to be fixed is
>that the proposed patch makes it possible to create conflicting
>configuration (passwd_format and passwd_modular can use different
>hashing algorithms) and need to be fixed and polished.  I like the
>idea of making it possible to use more rounds though.

This was deliberate for backward compatibility.  passwd_format will be used by default if passwd_modular isn't defined.  If passwd_modular is defined as "disabled", then passwd_format will be used.

What do you think of the idea of putting this into libcrypt instead of pam_unix.c, and then patching pam_unix.c and pw_user.c to reference libcrypt?

-- 
A.J. Kehoe IV (Nanoman)     |  /"\  ASCII Ribbon Campaign
Nanoman's Company           |  \ /   - No HTML/RTF in E-mail
E-mail: nanoman@nanoman.ca  |   X    - No proprietary attachments
WWW: http://www.nanoman.ca/ |  / \   - Respect for open standards

[-- Attachment #2 --]
0�P	*�H��
��A0�=10	+0	*�H��
���0�w0�_���0
	*�H��

0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing Authority1!0	*�H��
	support@cacert.org0
140224170909Z
140823170909Z0=10UCAcert WoT User1!0	*�H��
	nanoman@nanoman.ca0�"0
	*�H��
�0�
��VDj�
@�[H}����K�4��٪�:�C�J�yc��k�Xm�i��
~��F6��x�1�JoeHQL`�w&.��P��H"w�}��|��oѬݘ2r6���ڛ?�
p���	.����y�a�w� �Nc��^�ʽ��h��N��mH�o$��l��sB1h���X�y�
��XU���ş������k�ք�))�Rn�Z�g_�Î��h�c$u��^��SϏ�d�moA�#k�����>��x����;�As���B0�>0U�00V	`�H��B
IGTo get your own certificate for FREE head over to http://www.CAcert.org0U��0@U%907++
+�7

+�7
	`�H��B02+&0$0"+0�http://ocsp.cacert.org01U*0(0&�$�"� http://crl.cacert.org/revoke.crl0U0�nanoman@nanoman.ca0
	*�H��

��h�\M�����Dm�5�K�8�brO/;���>��1��Sl���(,M~P�*�S�C���@6���,~�̞�C(h��ܫcIN����N&��g�G͖�1���+L���=��)�����V�j7���$�`J�r���7w�!2G����.�b�F�컘0��!7sΠ�qS���I�[)8�kF�ty��I&��֛�$��S��]�S�����DKQ��I=OvS�X�ҫY�J.M�s&�>.ߋFU#����<����1�ɭe4B��^�KQ�@��w�j�������*y����
����=�3��D��1^|�N�S�63𠢬���Ds��e�����Ґ�#�7�E3W�RL{+I�~}�崋� Jj�.��BN���m{���m�tM�л�P7�.|M�'q�*��fkaՊ�	d	@,U�d,E��@�q�������������(�G�E���D�;J��:hN��^�S�$��pX��W�R]r%�H�0�=0�%�0
	*�H��
0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing Authority1!0	*�H��
	support@cacert.org0
030330122949Z
330329122949Z0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing Authority1!0	*�H��
	support@cacert.org0�"0
	*�H��
�0�
��"��F}�6(P��3@�K�;f?1�k6��|��Nw6A��	��F�s`�n~��Xd�Ͱ�Ec�g
��ҿ>���L���5]l!ޞ ٺ�f27r�����XɎ�^�>��
l��[df*z�KSy���{�/
a+��~MV���ڒ��DAX`ef��D�˔�B~�eh�Q������W��kz��r�%[ ���2�H��.0B�%�k?�:��SH��Ҷ���4��zX+[�8��]fɘמ����t��qr`��o�3��4v>$z���o�E8G��A�J�����.�	�Yת�ғ}h.݋K�X�/�ꕧ��T���ۋQ"��þ�,����x� ӊ/?��Qe�!�eE��|�ALO)�!�3uQ�w�������i�"�Ṕ1�{8�h[�+�~�_���rL��K ���Wʑ��u!7�c
g>FOp g���Y�����ͺb��A�� �)�d)B�"�x��C�	QKZZ�q���s�����0��0U�2������Ұ:�9�0��U#��0����2������Ұ:�9ѡ}�{0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing Authority1!0	*�H��
	support@cacert.org�0U�0�02U+0)0'�%�#�!https://www.cacert.org/revoke.crl00	`�H��B#!https://www.cacert.org/revoke.crl04	`�H��B'%http://www.cacert.org/index.php?id=100V	`�H��B
IGTo get your own certificate for FREE head over to http://www.cacert.org0
	*�H��
�(��\��5
�o�j���h��X�>��ÐZ��`��C��p��b����gX
06;�H��t�q>�+h�4b@F;S�(���f�S�M]�;�`��yi;�e��Ɓ�\���M���U��7���pa�j|���.T>O!���܂���E�M�s<�e��v��j��7$��NmQ��ďʖm�C��0e';{�CCc�C���h���"���{Z>7;����N˛͚�۲p�-J�ذ�oEH3��<2*T������#�G�dzq���c�~�/��ܟ+����H%���B���>�W���i�w4
K�ʠ�ƌ����27hs_�Q�IS6
�L�y��:u���
pg���/��y��=�s���o�g��/�$�{�H5)@��`ᖆP�zY؏!�ς��;�k����V#��l��H<��N���/	�So.�t�:c�¦�����D�
��l�$����pG.��Բ 	��d�$ܡ5��ԼU.}��U�Z֓�v�%sL�C1�\0�X0��0y10U
Root CA10Uhttp://www.cacert.org1"0 UCA Cert Signing Authority1!0	*�H��
	support@cacert.org��0	+���0	*�H��
	1	*�H��
0	*�H��
	1
140307225050Z0#	*�H��
	1��7ϐ�|@�b��=Q0R	*�H��
	1E0C0
*�H��
0*�H��
�0
*�H��
@0+0
*�H��
(0
	*�H��
�-+S�ũ6%C�/ǖ�j������Z�c?��c]&O�ɏw�:�I"p��e!;%���}CYXv�~J�*-�EJW���2@�dx
5@��8���oŻ$/EX�M�5tpA��G:��I�n�z��Z`�{wJ9Ϧ�f���鼘ٿ�>nv����p���{`�F�ϕDJHӺFꄜ�~�քx�F�^����繟�n;��A�h�d����˼T��$��lj��)��}���{���S+�%��(�-�

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140307225050.GC50880>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation