Dan Price wrote: > Hi all, > > Please review the following change: > > 178 OpenSolaris should use SHA256 password Hashing > > http://cr.opensolaris.org/~dp/passwd-sha256/ > > Further information, including a detailed rationale, can be found in > http://defect.opensolaris.org/bz/show_bug.cgi?id=178#c6 > > I'm trying to get this in today so that it will be present in > build 99. This will let us get the maximum possible exposure for this > change prior to the November release, to shake out any problems. Please > take a look as soon as possible. > > For the policy.conf file, more easily reviewable diffs can be found in > the bug report. Only a few lines have changed relative to the version > delivered by the ON consolidation.
All looks fine to me, I even verified that the password hash in distro-import/Makefile is a hash for "opensolaris". BTW this is all very timely given: http://blogs.sun.com/DanX/entry/toorcon_10_computer_security_conference#crypt 70hrs is all that an __unix__ hash will survive the beating of 50 PS3s (a measly amount of compute power really). -- Darren J Moffat _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
