On 2013/05/13 18:35, Mark Lumsden wrote:
> Shouldn't the default rounds for blowfish in adduser.perl be the same
> as login.conf? ok? 
> 
> mark
> 
> Index: adduser.perl
> ===================================================================
> RCS file: /cvs/src/usr.sbin/adduser/adduser.perl,v
> retrieving revision 1.58
> diff -u -p -u -p -r1.58 adduser.perl
> --- adduser.perl        22 Sep 2011 10:59:23 -0000      1.58
> +++ adduser.perl        12 May 2013 20:09:47 -0000
> @@ -973,12 +973,12 @@ sub salt {
>          $salt = "";
>      } elsif ($encryptionmethod =~ /^blowfish/ ) {
>          ($encryptionmethod, $salt) = split(/\,/, $encryptionmethod);
> -       $salt = 7 unless $salt;         # default rounds if unspecified
> +       $salt = 6 unless $salt;         # default rounds if unspecified
>      } else {
>          warn "$encryptionmethod encryption method invalid\n" if ($verbose > 
> 0);
> -       warn "Falling back to blowfish,7...\n" if ($verbose > 0);
> +       warn "Falling back to blowfish,6...\n" if ($verbose > 0);
>         $encryptionmethod = "blowfish";
> -       $salt = 7;
> +       $salt = 6;
>      }
> 
>      warn "Salt is: $salt\n" if $verbose > 1;
> 
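
Review bot: in both the `blowfish` branch and the fallback branch the rounds default drops from 7 to 6, and since the bcrypt rounds value is a log2 cost this halves the work per password hash. If the goal is consistency with login.conf, keep 7 here and raise the login.conf default instead of lowering this one. The literal also appears three times in this hunk (`$salt = 6 unless $salt;`, the "Falling back to blowfish,6..." warning, and `$salt = 6;`), so a single named default used in all three places would keep the warning text and the actual value from drifting apart.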

The default number of rounds in login.conf was set to 6 in 2001 when the
1.4GHz p3 xeon was a pretty decent cpu - this number needs to go up, not down.
