On Fri, 7 Mar 2014 09:13:30 -0500
John Baldwin wrote:

> I am assuming that an
> administrator wants the transparent upgrade (which I think is useful)
> because they are assuming that the hash algorithm is compromised or
> inferior.

I'd expect it to be done well in advance of that to give plenty of
time for the transition. We are talking about brute force attacks
and GPU development is relatively predicable.

And lets not lose sight of the fact that we are only talking about
limited mitigation after an attacker has gained root access, not
front-line security.

> I suppose if you really were paranoid about the hash what you would
> want is an ability to set an expiration time on the hash algo itself
> where authentication using that hash always fails after the
> expiration time.

Whenever I've been required to change passwords it's always been
imposed immediately after a login.

Just locking-out an account sounds very heavy-handed to me. It seems
like it would be trivial to extract a list of accounts using the
old-style hashes from master.passwd - at least that way you can send
them an email.
freebsd-current@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to