On 2013/05/13 18:35, Mark Lumsden wrote: > Shouldn't the default rounds for blowfish in adduser.perl be the same > as login.conf? ok? > > mark > > Index: adduser.perl > =================================================================== > RCS file: /cvs/src/usr.sbin/adduser/adduser.perl,v > retrieving revision 1.58 > diff -u -p -u -p -r1.58 adduser.perl > --- adduser.perl 22 Sep 2011 10:59:23 -0000 1.58 > +++ adduser.perl 12 May 2013 20:09:47 -0000 > @@ -973,12 +973,12 @@ sub salt { > $salt = ""; > } elsif ($encryptionmethod =~ /^blowfish/ ) { > ($encryptionmethod, $salt) = split(/\,/, $encryptionmethod); > - $salt = 7 unless $salt; # default rounds if unspecified > + $salt = 6 unless $salt; # default rounds if unspecified > } else { > warn "$encryptionmethod encryption method invalid\n" if ($verbose > > 0); > - warn "Falling back to blowfish,7...\n" if ($verbose > 0); > + warn "Falling back to blowfish,6...\n" if ($verbose > 0); > $encryptionmethod = "blowfish"; > - $salt = 7; > + $salt = 6; > } > > warn "Salt is: $salt\n" if $verbose > 1; >
The default number of rounds in login.conf was set to 6 in 2001 when the 1.4GHz p3 xeon was a pretty decent cpu - this number needs to go up, not down.