From: "Matthew D. Fuller"
Date: Sat, 14 Feb 2015 11:33:10 -0600
To: "Derek (freebsd lists)" <482254ac@razorfever.net>
Cc: freebsd-security@FreeBSD.org, John-Mark Gurney, "A.J. Kehoe IV \(Nanoman\)", delphij@FreeBSD.org
Subject: Re: [patch] libcrypt & friends - modular crypt format support in /etc/login.conf
Message-ID: <20150214173310.GD37668@over-yonder.net>
References: <54D9F8DF.7070904@razorfever.net>
In-Reply-To: <54D9F8DF.7070904@razorfever.net>

On Tue, Feb 10, 2015 at 07:26:07AM -0500 I heard the voice of
Derek (freebsd lists), and lo! it spake thus:
>
> 2. introduces a new api, crypt_makesalt which will generate an
>    appropriate salt for any algorithm selected

It has been an endlessly-repeated source of pain to me that there
isn't a standard API for this, and it's just been into the wound[0]
that there isn't even a NON-standard one, and so I have to guess and
re-implement any time I want to use crypt(3) for anything except
/etc/passwd.  Of course, I want it in non-C, but one problem at a
time...

If you accomplish nothing else with this, I'll happily fall at your
feet just for this   8-}


[0] By a hydraulic press, I think.


-- 
Matthew Fuller     (MF4839)   |  fullermd@over-yonder.net
Systems/Network Administrator |  http://www.over-yonder.net/~fullermd/
           On the Internet, nobody can hear you scream.
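
The kind of salt generation a crypt(3) caller has to hand-roll without such an API, as an added example that is not code from the patch or from this message. `make_mcf_salt` and `random_bytes` are hypothetical helpers, and only the `$1$`, `$5$` and `$6$` modular crypt format prefixes are covered.

```c
#include <stdio.h>
#include <string.h>

/* Base-64 alphabet used for salts by the MD5 and SHA crypt schemes. */
static const char ITOA64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Fill buf with n bytes from the kernel CSPRNG; returns 0 on success. */
static int random_bytes(unsigned char *buf, size_t n)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(buf, 1, n, f);
    fclose(f);
    return got == n ? 0 : -1;
}

/*
 * Hypothetical helper (NOT the crypt_makesalt from the patch): write a
 * setting string such as "$6$<16 salt chars>$" into out.
 * prefix: "$1$" (MD5, 8 salt chars), "$5$"/"$6$" (SHA-256/512, 16 chars).
 * Returns 0 on success, -1 on unknown prefix, short buffer or RNG failure.
 */
int make_mcf_salt(const char *prefix, char *out, size_t outlen)
{
    size_t saltlen;
    if (strcmp(prefix, "$1$") == 0)
        saltlen = 8;
    else if (strcmp(prefix, "$5$") == 0 || strcmp(prefix, "$6$") == 0)
        saltlen = 16;
    else
        return -1;              /* refuse to guess at an unknown scheme */

    size_t plen = strlen(prefix);
    if (outlen < plen + saltlen + 2)    /* room for trailing '$' and NUL */
        return -1;
    unsigned char rnd[16];
    if (random_bytes(rnd, saltlen) != 0)
        return -1;              /* never fall back to a weak or fixed salt */

    memcpy(out, prefix, plen);
    for (size_t i = 0; i < saltlen; i++)
        out[plen + i] = ITOA64[rnd[i] & 0x3f];  /* 6 bits: no modulo bias */
    out[plen + saltlen] = '$';
    out[plen + saltlen + 1] = '\0';
    return 0;
}
```

The resulting string is what a caller would pass as the second argument to crypt(3); every per-scheme detail in the helper (prefix, salt length, alphabet) is knowledge the caller has to carry itself.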