With r262501
(http://svnweb.freebsd.org/base?view=revision&revision=262501) importing
the upgraded bcrypt from OpenBSD and eventually changing the default
identifier for bcrypt to $2b$ it reminded me of a feature that is often
seen in Forum software and other web apps.

Transparent algorithm upgrade.

Excuse the sloppy pseudo-code:

new_format = login_conf.get('passwd_format')

username = user.input()
plain_pass = user.input()

hash = master.passwd.get(username)
salt = hash.get_salt()

if (crypt(plain_pass, salt) == hash) {
        /* Successful login */
        if (crypt_get_format(hash) != new_format) {
                /* Upgrade crypt() algorithm */
                new_salt = random()
                new_hash = crypt(plain_pass, new_salt)
                result = master.passwd.set_password(username, new_hash)
} else {
        /* Unsuccessful login */

Basically, when a user successfully authenticates, if some new option is
enabled in login.conf, use the plain text password attempt while we have
it, to re-hash the password with the new algorithm and update the
master.passwd file

This would make it much easier to transition a very large userbase from
md5crypt to bcrypt or sha512crypt, rather than expiring the passwords or

This might actually be more applicable with my next suggestion, exposing
tuneables to control the number of rounds for bcrypt and sha512crypt. As
this would make it easy to upgrade all existing bcrypt/sha512crypt
hashes from the default number of rounds (10^4 and 5000 respectively) to
higher values.

Allan Jude

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to