Xin Li wrote: >Hi, > >On 03/07/14 13:52, A.J. Kehoe IV (Nanoman) wrote: >> Allan Jude wrote: >>> On 2014-03-07 11:13, A.J. Kehoe IV (Nanoman) wrote: >>>> Allan Jude wrote: >>>> >>>> [...] >>>> >>>>> Honestly, my use case is just silently upgrading the strength >>>>> of the hashing algorithm (when combined with my other feature >>>>> request). Updating my bcrypt hashes from $2a$04$ to $2b$12$ >>>>> or something. Same applies for the default sha512, maybe I >>>>> want to update to rounds=15000 >>>> >>>> Like this? >>>> >>>> http://www.freebsd.org/cgi/query-pr.cgi?pr=182518 >>>> >>>> Request for comments: >>>> >>>> http://docs.freebsd.org/cgi/mid.cgi?20140106205156.GD4903 [...] >Speaking for adding rounds, the only problem that needs to be fixed is >that the proposed patch makes it possible to create conflicting >configuration (passwd_format and passwd_modular can use different >hashing algorithms) and need to be fixed and polished. I like the >idea of making it possible to use more rounds though. This was deliberate for backward compatibility. passwd_format will be used by default if passwd_modular isn't defined. If passwd_modular is defined as "disabled", then passwd_format will be used. What do you think of the idea of putting this into libcrypt instead of pam_unix.c, and then patching pam_unix.c and pw_user.c to reference libcrypt? -- A.J. Kehoe IV (Nanoman) | /"\ ASCII Ribbon Campaign Nanoman's Company | \ / - No HTML/RTF in E-mail E-mail: nanoman_at_nanoman.ca | X - No proprietary attachments WWW: http://www.nanoman.ca/ | / \ - Respect for open standards
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:47 UTC