Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 28 Sep 2005 15:37:11 -0400
From:      Tom Rhodes <trhodes@FreeBSD.org>
To:        Ceri Davies <ceri@submonkey.net>
Cc:        src-committers@FreeBSD.org, pjd@FreeBSD.org, PeterJeremy@optushome.com.au, cvs-all@FreeBSD.org, cvs-src@FreeBSD.org, kensmith@FreeBSD.org
Subject:   Re: cvs commit: src/release Makefile
Message-ID:  <20050928153711.461b4743.trhodes@FreeBSD.org>
In-Reply-To: <20050928190810.GP94010@submonkey.net>
References:  <200509281239.j8SCd0WM012320@repoman.freebsd.org> <20050928124614.GJ94010@submonkey.net> <20050928131019.GB24355@garage.freebsd.pl> <20050928190216.GB72352@cirb503493.alcatel.com.au> <20050928190810.GP94010@submonkey.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, 28 Sep 2005 20:08:11 +0100
Ceri Davies <ceri@submonkey.net> wrote:

> On Thu, Sep 29, 2005 at 05:02:16AM +1000, Peter Jeremy wrote:
> > On Wed, 2005-Sep-28 15:10:19 +0200, Pawel Jakub Dawidek wrote:
> > >On Wed, Sep 28, 2005 at 01:46:14PM +0100, Ceri Davies wrote:
> > >+> On Wed, Sep 28, 2005 at 12:39:00PM +0000, Ken Smith wrote:
> > >+> > kensmith    2005-09-28 12:39:00 UTC
> > >+> > 
> > >+> >   FreeBSD src repository
> > >+> > 
> > >+> >   Modified files:
> > >+> >     release              Makefile 
> > >+> >   Log:
> > >+> >   Add SHA256 checksums to the release build.
> > >+> 
> > >+> Good idea.  Along these lines, does anyone know what the barriers are
> > >+> in moving the default password hash from md5 to blowfish (not for
> > >+> RELENG_6, just in general), or has it just not been done yet?
> > 
> > You need to a line "crypt_default = blf" to /etc/auth.conf
> > That said, the blowfish magic string looks wrong - the MD5 and NT
> > hashes both have a training '$' but blowfish doesn't.  Is this
> > deliberate or a typo?
> 
> I know how to do it, and it does work (it has been the first thing I do
> on any system I build from 4.x up - you also need to update the default
> login class in login.conf).  I'm just wondering why it isn't default.

Issues interacting with NIS(+)?
Not listed in FIPS as an approved US government algorithm yet?
Everyone's too lazy?  :)

-- 
Tom Rhodes

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050928153711.461b4743.trhodes>