Re: Feature Proposal: Transparent upgrade of crypt() algorithms

From: A.J. Kehoe IV (Nanoman) <"A.J.>
Date: Fri, 7 Mar 2014 16:52:23 -0500
Allan Jude wrote:
>On 2014-03-07 11:13, A.J. Kehoe IV (Nanoman) wrote:
>> Allan Jude wrote:
>>
>> [...]
>>
>>> Honestly, my use case is just silently upgrading the strength of the
>>> hashing algorithm (when combined with my other feature request).
>>> Updating my bcrypt hashes from $2a$04$ to $2b$12$ or something. Same
>>> applies for the default sha512, maybe I want to update to rounds=15000
>>
>> Like this?
>>
>> http://www.freebsd.org/cgi/query-pr.cgi?pr=182518
>>
>> Request for comments:
>>
>> http://docs.freebsd.org/cgi/mid.cgi?20140106205156.GD4903
>>
>
>This looks like what we wanted. In the feedback you talked about some
>changes to your patch required to make it work, is there any progress on
>those?

Derek's patches worked perfectly for our needs, but we're the sort of people who use vipw and our own utilities for user management.  It wasn't until later that we discovered at least one other file would need patching to satisfy everyone.  We didn't want to employ the same copy-pasta method, so we asked for feedback about our proposed alternative.

secteam_at_, do you have any comments?  Before we put any more work into this, we want to be sure that our proposal is an acceptable one.

-- 
A.J. Kehoe IV (Nanoman)     |  /"\  ASCII Ribbon Campaign
Nanoman's Company           |  \ /   - No HTML/RTF in E-mail
E-mail: nanoman_at_nanoman.ca  |   X    - No proprietary attachments
WWW: http://www.nanoman.ca/ |  / \   - Respect for open standards

Received on Fri Mar 07 2014 - 20:52:27 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:47 UTC