Warner Losh wrote this message on Fri, Mar 07, 2014 at 22:30 -0700:
On Mar 7, 2014, at 10:22 PM, Allan Jude free...@allanjude.com wrote:
Performance for default, sha512 w/ 5k rounds:
AMD A10-5700 3.4GHz3.8ms
AMD Opteron 4228 HE 2.8Ghz 5.4ms
Intel(R) Xeon(R) X5650 2.67GHz
Hi all,
Thanks for your attention to the matter/threads. I have thought
a bit about this, and I hope I can add some value to the current
conversation, below:
On 03/07/2014 07:36 PM, Xin Li wrote:
On 03/07/14 14:50, A.J. Kehoe IV (Nanoman) wrote:
Xin Li wrote:
On 03/07/14 13:52, A.J.
On Wednesday, March 05, 2014 3:09:30 pm Matthew Rezny wrote:
Password expiry is an orthogonal issue and should be up to administrator
policy.
Yes, but if you are moving to a different algorithm to improve security, not
coupling it with an eventual expiration of non-migrated accounts
On 2014-03-07 09:13, John Baldwin wrote:
On Wednesday, March 05, 2014 3:09:30 pm Matthew Rezny wrote:
Password expiry is an orthogonal issue and should be up to administrator
policy.
Yes, but if you are moving to a different algorithm to improve security, not
coupling it with an eventual
On Fri, Mar 7, 2014 at 2:13 PM, John Baldwin j...@freebsd.org wrote:
On Wednesday, March 05, 2014 3:09:30 pm Matthew Rezny wrote:
Password expiry is an orthogonal issue and should be up to administrator
policy.
Yes, but if you are moving to a different algorithm to improve security,
Allan Jude wrote:
[...]
Honestly, my use case is just silently upgrading the strength of the
hashing algorithm (when combined with my other feature request).
Updating my bcrypt hashes from $2a$04$ to $2b$12$ or something. Same
applies for the default sha512, maybe I want to update to
On Fri, 7 Mar 2014 09:13:30 -0500
John Baldwin wrote:
I am assuming that an
administrator wants the transparent upgrade (which I think is useful)
because they are assuming that the hash algorithm is compromised or
inferior.
I'd expect it to be done well in advance of that to give plenty of
On Friday, March 07, 2014 10:34:40 am Tom Evans wrote:
On Fri, Mar 7, 2014 at 2:13 PM, John Baldwin j...@freebsd.org wrote:
On Wednesday, March 05, 2014 3:09:30 pm Matthew Rezny wrote:
Password expiry is an orthogonal issue and should be up to
administrator
policy.
Yes, but
On 2014-03-07 11:13, A.J. Kehoe IV (Nanoman) wrote:
Allan Jude wrote:
[...]
Honestly, my use case is just silently upgrading the strength of the
hashing algorithm (when combined with my other feature request).
Updating my bcrypt hashes from $2a$04$ to $2b$12$ or something. Same
applies
Allan Jude wrote:
On 2014-03-07 11:13, A.J. Kehoe IV (Nanoman) wrote:
Allan Jude wrote:
[...]
Honestly, my use case is just silently upgrading the strength of the
hashing algorithm (when combined with my other feature request).
Updating my bcrypt hashes from $2a$04$ to $2b$12$ or something.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
On 03/07/14 13:52, A.J. Kehoe IV (Nanoman) wrote:
Allan Jude wrote:
On 2014-03-07 11:13, A.J. Kehoe IV (Nanoman) wrote:
Allan Jude wrote:
[...]
Honestly, my use case is just silently upgrading the strength
of the hashing algorithm
On 2014-03-07 17:06, Xin Li wrote:
Hi,
On 03/07/14 13:52, A.J. Kehoe IV (Nanoman) wrote:
Allan Jude wrote:
On 2014-03-07 11:13, A.J. Kehoe IV (Nanoman) wrote:
Allan Jude wrote:
[...]
Honestly, my use case is just silently upgrading the strength
of the hashing algorithm (when combined
Allan Jude wrote this message on Fri, Mar 07, 2014 at 17:53 -0500:
On 2014-03-07 17:06, Xin Li wrote:
Hi,
On 03/07/14 13:52, A.J. Kehoe IV (Nanoman) wrote:
Allan Jude wrote:
On 2014-03-07 11:13, A.J. Kehoe IV (Nanoman) wrote:
Allan Jude wrote:
[...]
Honestly, my use case is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03/07/14 14:50, A.J. Kehoe IV (Nanoman) wrote:
Xin Li wrote:
Hi,
On 03/07/14 13:52, A.J. Kehoe IV (Nanoman) wrote:
Allan Jude wrote:
On 2014-03-07 11:13, A.J. Kehoe IV (Nanoman) wrote:
Allan Jude wrote:
[...]
Honestly, my use case
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03/07/14 15:07, John-Mark Gurney wrote:
Allan Jude wrote this message on Fri, Mar 07, 2014 at 17:53 -0500:
On 2014-03-07 17:06, Xin Li wrote:
Hi,
On 03/07/14 13:52, A.J. Kehoe IV (Nanoman) wrote:
Allan Jude wrote:
On 2014-03-07 11:13,
Xin Li wrote this message on Fri, Mar 07, 2014 at 16:43 -0800:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03/07/14 15:07, John-Mark Gurney wrote:
Allan Jude wrote this message on Fri, Mar 07, 2014 at 17:53 -0500:
On 2014-03-07 17:06, Xin Li wrote:
Hi,
On 03/07/14 13:52,
Xin Li wrote this message on Fri, Mar 07, 2014 at 16:36 -0800:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03/07/14 14:50, A.J. Kehoe IV (Nanoman) wrote:
Xin Li wrote:
Hi,
On 03/07/14 13:52, A.J. Kehoe IV (Nanoman) wrote:
Allan Jude wrote:
On 2014-03-07 11:13, A.J. Kehoe
Xin Li wrote:
Hi,
On 03/07/14 13:52, A.J. Kehoe IV (Nanoman) wrote:
Allan Jude wrote:
On 2014-03-07 11:13, A.J. Kehoe IV (Nanoman) wrote:
Allan Jude wrote:
[...]
Honestly, my use case is just silently upgrading the strength
of the hashing algorithm (when combined with my other feature
On 2014-03-07 21:15, John-Mark Gurney wrote:
Xin Li wrote this message on Fri, Mar 07, 2014 at 16:43 -0800:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03/07/14 15:07, John-Mark Gurney wrote:
Allan Jude wrote this message on Fri, Mar 07, 2014 at 17:53 -0500:
On 2014-03-07 17:06, Xin
On Mar 7, 2014, at 10:22 PM, Allan Jude free...@allanjude.com wrote:
Performance for default, sha512 w/ 5k rounds:
AMD A10-5700 3.4GHz 3.8ms
AMD Opteron 4228 HE 2.8Ghz 5.4ms
Intel(R) Xeon(R) X5650 2.67GHz 4.0ms
these times are aprox as the timing varies quite a bit,
Password expiry is an orthogonal issue and should be up to administrator
policy.
Yes, but if you are moving to a different algorithm to improve security, not
coupling it with an eventual expiration of non-migrated accounts gives a
false sense of security. Any admin worth his/her salt is
On Friday, February 28, 2014 4:58:29 pm Eitan Adler wrote:
On 27 February 2014 20:14, Allan Jude free...@allanjude.com wrote:
With r262501
(http://svnweb.freebsd.org/base?view=revisionrevision=262501) importing
the upgraded bcrypt from OpenBSD and eventually changing the default
On 28 Feb 2014, at 02:14, Allan Jude free...@allanjude.com wrote:
With r262501
(http://svnweb.freebsd.org/base?view=revisionrevision=262501) importing
the upgraded bcrypt from OpenBSD and eventually changing the default
identifier for bcrypt to $2b$ it reminded me of a feature that is often
On 2014-02-28 10:07, Nick Hibma wrote:
On 28 Feb 2014, at 02:14, Allan Jude free...@allanjude.com wrote:
With r262501
(http://svnweb.freebsd.org/base?view=revisionrevision=262501) importing
the upgraded bcrypt from OpenBSD and eventually changing the default
identifier for bcrypt to $2b$
On Friday, February 28, 2014 12:16:45 pm Allan Jude wrote:
On 2014-02-28 10:07, Nick Hibma wrote:
On 28 Feb 2014, at 02:14, Allan Jude free...@allanjude.com wrote:
With r262501
(http://svnweb.freebsd.org/base?view=revisionrevision=262501) importing
the upgraded bcrypt from OpenBSD
On 27 February 2014 20:14, Allan Jude free...@allanjude.com wrote:
With r262501
(http://svnweb.freebsd.org/base?view=revisionrevision=262501) importing
the upgraded bcrypt from OpenBSD and eventually changing the default
identifier for bcrypt to $2b$ it reminded me of a feature that is often
26 matches
Mail list logo