With r262501 (http://svnweb.freebsd.org/base?view=revision&revision=262501) importing the upgraded bcrypt from OpenBSD and eventually changing the default identifier for bcrypt to $2b$ it reminded me of a feature that is often seen in Forum software and other web apps. Transparent algorithm upgrade. Excuse the sloppy pseudo-code: new_format = login_conf.get('passwd_format') username = user.input() plain_pass = user.input() hash = master.passwd.get(username) salt = hash.get_salt() if (crypt(plain_pass, salt) == hash) { /* Successful login */ if (crypt_get_format(hash) != new_format) { /* Upgrade crypt() algorithm */ crypt_set_format(new_format) new_salt = random() new_hash = crypt(plain_pass, new_salt) result = master.passwd.set_password(username, new_hash) } } else { /* Unsuccessful login */ } Basically, when a user successfully authenticates, if some new option is enabled in login.conf, use the plain text password attempt while we have it, to re-hash the password with the new algorithm and update the master.passwd file This would make it much easier to transition a very large userbase from md5crypt to bcrypt or sha512crypt, rather than expiring the passwords or something. This might actually be more applicable with my next suggestion, exposing tuneables to control the number of rounds for bcrypt and sha512crypt. As this would make it easy to upgrade all existing bcrypt/sha512crypt hashes from the default number of rounds (10^4 and 5000 respectively) to higher values. -- Allan Jude
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:47 UTC