-----BEGIN PGP SIGNED MESSAGE-----
On 03/07/14 13:52, A.J. Kehoe IV (Nanoman) wrote:
> Allan Jude wrote:
>> On 2014-03-07 11:13, A.J. Kehoe IV (Nanoman) wrote:
>>> Allan Jude wrote:
>>>> Honestly, my use case is just silently upgrading the strength
>>>> of the hashing algorithm (when combined with my other feature
>>>> request). Updating my bcrypt hashes from $2a$04$ to $2b$12$
>>>> or something. Same applies for the default sha512, maybe I
>>>> want to update to rounds=15000
>>> Like this?
>>> Request for comments:
>> This looks like what we wanted. In the feedback you talked about
>> some changes to your patch required to make it work, is there any
>> progress on those?
> Derek's patches worked perfectly for our needs, but we're the sort
> of people who use vipw and our own utilities for user management.
> It wasn't until later that we discovered at least one other file
> would need patching to satisfy everyone. We didn't want to employ
> the same copy-pasta method, so we asked for feedback about our
> proposed alternative.
> secteam@, do you have any comments? Before we put any more work
> into this, we want to be sure that our proposal is an acceptable
Did you mean adding rounds capability, or transparent upgrade of
crypt() algorithms, or both?
I need some time to digest the whole transparent upgrade idea but in
general I think it's good.
Speaking for adding rounds, the only problem that needs to be fixed is
that the proposed patch makes it possible to create conflicting
configuration (passwd_format and passwd_modular can use different
hashing algorithms) and need to be fixed and polished. I like the
idea of making it possible to use more rounds though.
Xin LI <delp...@delphij.net> https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)
-----END PGP SIGNATURE-----
email@example.com mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"