Date: Thu, 29 Sep 2005 05:02:16 +1000 From: Peter Jeremy <PeterJeremy@optushome.com.au> To: Pawel Jakub Dawidek <pjd@freebsd.org> Cc: cvs-src@freebsd.org, Ceri Davies <ceri@submonkey.net>, src-committers@freebsd.org, cvs-all@freebsd.org, Ken Smith <kensmith@freebsd.org> Subject: Re: cvs commit: src/release Makefile Message-ID: <20050928190216.GB72352@cirb503493.alcatel.com.au> In-Reply-To: <20050928131019.GB24355@garage.freebsd.pl> References: <200509281239.j8SCd0WM012320@repoman.freebsd.org> <20050928124614.GJ94010@submonkey.net> <20050928131019.GB24355@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 2005-Sep-28 15:10:19 +0200, Pawel Jakub Dawidek wrote: >On Wed, Sep 28, 2005 at 01:46:14PM +0100, Ceri Davies wrote: >+> On Wed, Sep 28, 2005 at 12:39:00PM +0000, Ken Smith wrote: >+> > kensmith 2005-09-28 12:39:00 UTC >+> > >+> > FreeBSD src repository >+> > >+> > Modified files: >+> > release Makefile >+> > Log: >+> > Add SHA256 checksums to the release build. >+> >+> Good idea. Along these lines, does anyone know what the barriers are >+> in moving the default password hash from md5 to blowfish (not for >+> RELENG_6, just in general), or has it just not been done yet? You need to a line "crypt_default = blf" to /etc/auth.conf That said, the blowfish magic string looks wrong - the MD5 and NT hashes both have a training '$' but blowfish doesn't. Is this deliberate or a typo? >I'd really like to see us using PKCS#5v2 for system passwords at some >point instead of home-grown hash(hash(...(x))) or encrypt(encrypt(...(x))). As long as you can describe PKCS in a way that's compatible with the modular crypt described in crypt(3), this is trivial. -- Peter Jeremy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050928190216.GB72352>