On Wed, 15 Dec 2010, Ted Unangst wrote:
> These values have not marched forward with the progress of time. For
> perspective, the last increase in bcrypt rounds was around the time we
> considered Monica Lewinsky a big scandal.
OK, so let's table what the right values and just make the values
configurable. Then we can discuss moving up (or even down).
Index: login.conf.in
===================================================================
RCS file: /home/tedu/cvs/src/etc/login.conf.in,v
retrieving revision 1.2
diff -u -r1.2 login.conf.in
--- login.conf.in 9 Jan 2007 10:20:12 -0000 1.2
+++ login.conf.in 16 Dec 2010 04:28:42 -0000
@@ -46,7 +46,7 @@
:maxproc-c...@def_maxproc_cur@:\
:openfiles-c...@def_openfiles_cur@:\
:stacksize-cur=4M:\
- :localcipher=blowfish,6:\
+ :localcipher=blowfish,@DEF_BLOWFISH_RNDS@:\
:ypcipher=old:\
:tc=auth-defaults:\
:tc=auth-ftp-defaults:
@@ -62,7 +62,7 @@
:maxproc=infinity:\
:openfiles-cur=128:\
:stacksize-cur=8M:\
- :localcipher=blowfish,8:\
+ :localcipher=blowfish,@ROOT_BLOWFISH_RNDS@:\
:tc=default:
#
Index: mklogin.conf
===================================================================
RCS file: /home/tedu/cvs/src/etc/mklogin.conf,v
retrieving revision 1.4
diff -u -r1.4 mklogin.conf
--- mklogin.conf 24 Mar 2009 20:34:51 -0000 1.4
+++ mklogin.conf 16 Dec 2010 04:30:28 -0000
@@ -19,6 +19,8 @@
values["STAFF_MAXPROC_MAX"]="512"
values["STAFF_MAXPROC_CUR"]="128"
values["STAFF_OPENFILES_CUR"]="128"
+ values["DEF_BLOWFISH_RNDS"]="6"
+ values["ROOT_BLOWFISH_RNDS"]="8"
# Optional overrides
if (ARGC > 1) {
