From owner-cvs-all@FreeBSD.ORG  Wed Sep 28 19:03:14 2005
Return-Path: <owner-cvs-all@FreeBSD.ORG>
X-Original-To: cvs-all@freebsd.org
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7CDD616A420;
	Wed, 28 Sep 2005 19:03:14 +0000 (GMT)
	(envelope-from PeterJeremy@optushome.com.au)
Received: from mail23.syd.optusnet.com.au (mail23.syd.optusnet.com.au
	[211.29.133.164])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DDA2143D5D;
	Wed, 28 Sep 2005 19:03:09 +0000 (GMT)
	(envelope-from PeterJeremy@optushome.com.au)
Received: from cirb503493.alcatel.com.au
	(c220-239-19-236.belrs4.nsw.optusnet.com.au [220.239.19.236])
	by mail23.syd.optusnet.com.au (8.12.11/8.12.11) with ESMTP id
	j8SJ2KKe025542
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO);
	Thu, 29 Sep 2005 05:02:36 +1000
Received: from cirb503493.alcatel.com.au (localhost.alcatel.com.au [127.0.0.1])
	by cirb503493.alcatel.com.au (8.12.10/8.12.10) with ESMTP id
	j8SJ2JSR073143; Thu, 29 Sep 2005 05:02:19 +1000 (EST)
	(envelope-from pjeremy@cirb503493.alcatel.com.au)
Received: (from pjeremy@localhost)
	by cirb503493.alcatel.com.au (8.12.10/8.12.9/Submit) id j8SJ2GJR073142; 
	Thu, 29 Sep 2005 05:02:16 +1000 (EST) (envelope-from pjeremy)
Date: Thu, 29 Sep 2005 05:02:16 +1000
From: Peter Jeremy <PeterJeremy@optushome.com.au>
To: Pawel Jakub Dawidek <pjd@freebsd.org>
Message-ID: <20050928190216.GB72352@cirb503493.alcatel.com.au>
References: <200509281239.j8SCd0WM012320@repoman.freebsd.org>
	<20050928124614.GJ94010@submonkey.net>
	<20050928131019.GB24355@garage.freebsd.pl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050928131019.GB24355@garage.freebsd.pl>
User-Agent: Mutt/1.4.2.1i
Cc: cvs-src@freebsd.org, Ceri Davies <ceri@submonkey.net>,
	src-committers@freebsd.org, cvs-all@freebsd.org,
	Ken Smith <kensmith@freebsd.org>
Subject: Re: cvs commit: src/release Makefile
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Sep 2005 19:03:14 -0000

On Wed, 2005-Sep-28 15:10:19 +0200, Pawel Jakub Dawidek wrote:
>On Wed, Sep 28, 2005 at 01:46:14PM +0100, Ceri Davies wrote:
>+> On Wed, Sep 28, 2005 at 12:39:00PM +0000, Ken Smith wrote:
>+> > kensmith    2005-09-28 12:39:00 UTC
>+> > 
>+> >   FreeBSD src repository
>+> > 
>+> >   Modified files:
>+> >     release              Makefile 
>+> >   Log:
>+> >   Add SHA256 checksums to the release build.
>+> 
>+> Good idea.  Along these lines, does anyone know what the barriers are
>+> in moving the default password hash from md5 to blowfish (not for
>+> RELENG_6, just in general), or has it just not been done yet?

You need to a line "crypt_default = blf" to /etc/auth.conf
That said, the blowfish magic string looks wrong - the MD5 and NT
hashes both have a training '$' but blowfish doesn't.  Is this
deliberate or a typo?

>I'd really like to see us using PKCS#5v2 for system passwords at some
>point instead of home-grown hash(hash(...(x))) or encrypt(encrypt(...(x))).

As long as you can describe PKCS in a way that's compatible with the
modular crypt described in crypt(3), this is trivial.

-- 
Peter Jeremy