From owner-freebsd-current@FreeBSD.ORG Mon Sep 30 18:26:03 2013 Return-Path: Delivered-To: FreeBSD-current@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 60348DB1 for ; Mon, 30 Sep 2013 18:26:03 +0000 (UTC) (envelope-from nanoman@nanoman.ca) Received: from mail.nanoman.ca (mail.nanoman.ca [76.10.173.222]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id D3A252B38 for ; Mon, 30 Sep 2013 18:25:59 +0000 (UTC) Received: from nanocomputer.nanoman.ca (nanocomputer.nanoman.ca [192.168.1.9]) by mail.nanoman.ca (Postfix) with ESMTP id 80D3311625 for ; Mon, 30 Sep 2013 14:16:11 -0400 (EDT) Received: by nanocomputer.nanoman.ca (Postfix, from userid 62661) id 5C4061729C; Mon, 30 Sep 2013 14:16:11 -0400 (EDT) Date: Mon, 30 Sep 2013 14:16:11 -0400 From: "A.J. Kehoe IV (Nanoman)" To: FreeBSD-current@FreeBSD.org Subject: Better Password Hashes Message-ID: <20130930181611.GA90404@nanocomputer.nanoman.ca> MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="YZ5djTAD1cGYuMQK" Content-Disposition: inline Organization: Nanoman's Company User-Agent: Mutt (FreeBSD) X-Mailman-Approved-At: Mon, 30 Sep 2013 18:37:23 +0000 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: nanoman@nanoman.ca List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Sep 2013 18:26:03 -0000 --YZ5djTAD1cGYuMQK Content-Type: text/plain; charset=iso-8859-1; format=flowed Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On the FreeBSD-security mailing list earlier this year, I brought up the is= sue of improving password hashes. The patches I included were for FreeBSD = 9-STABLE, which is what I use primarily. gjb@ kindly advised me that the patches would need to be extensively tested= on CURRENT before they'd be merged into 9-STABLE. Derek Marcotte, who wro= te the patches, sent me his updated versions for CURRENT, and I've submitte= d these in a PR: http://www.freebsd.org/cgi/query-pr.cgi?pr=3D182518 (My apologies for neglecting to prefix the PR's Subject line with "[patch]"= =2E) I've been using Derek's patches on my own production systems for the past f= ew months, and I'm happy to say that they're working perfectly. So, what w= e need now is to have these audited and tested by a larger audience, and th= en merged into 9-STABLE when a sufficient number of people are satisfied. Let the testing begin! --=20 A.J. Kehoe IV (Nanoman) | /"\ ASCII Ribbon Campaign Nanoman's Company | \ / - No HTML/RTF in E-mail E-mail: nanoman@nanoman.ca | X - No proprietary attachments WWW: http://www.nanoman.ca/ | / \ - Respect for open standards --YZ5djTAD1cGYuMQK Content-Type: application/x-pkcs7-signature Content-Disposition: attachment; filename="smime.p7s" Content-Transfer-Encoding: base64 MIIPUAYJKoZIhvcNAQcCoIIPQTCCDz0CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC DLwwggV3MIIDX6ADAgECAgMNxlswDQYJKoZIhvcNAQEFBQAweTEQMA4GA1UEChMHUm9vdCBD QTEeMBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0IFNp Z25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2VydC5vcmcwHhcN MTMwOTA2MjM1MTM0WhcNMTQwMzA1MjM1MTM0WjA9MRgwFgYDVQQDEw9DQWNlcnQgV29UIFVz ZXIxITAfBgkqhkiG9w0BCQEWEm5hbm9tYW5AbmFub21hbi5jYTCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAK9WRGqRDUDjWwNIfZTBp4FL5bI0kY3ZqvM6tEO+Sqp5YxATre8F a+BYbeNp/8MKfuPrRgE2jRzlePAx7kpvZUhRTGAZpncmHC7Z3FDl8Ugid4193ReCfPypb9Gs 3ZgPfzJyNuDeCM3amz/cDXC/makJLpmLzu95D91hD+V30iActE5j1tNewMq9qJRoEdr5Tqus bUjjDm8kiK5sz9JzQjFoufuaWIR57w2Sm1gDVZ0MH46fxZ/SwLDDzt4VC2u+1oS4KSmVUm6X Wv1/Fmdf2sOOu9Ro2xVjJHW+j16lsFPPj+lkDv5tb0G7I2vBoKEQg/s+h8J4F+l/xPL3O5xB c68CAwEAAaOCAUIwggE+MAwGA1UdEwEB/wQCMAAwVgYJYIZIAYb4QgENBEkWR1RvIGdldCB5 b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSBoZWFkIG92ZXIgdG8gaHR0cDovL3d3dy5D QWNlcnQub3JnMA4GA1UdDwEB/wQEAwIDqDBABgNVHSUEOTA3BggrBgEFBQcDBAYIKwYBBQUH AwIGCisGAQQBgjcKAwQGCisGAQQBgjcKAwMGCWCGSAGG+EIEATAyBggrBgEFBQcBAQQmMCQw IgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLmNhY2VydC5vcmcwMQYDVR0fBCowKDAmoCSgIoYg aHR0cDovL2NybC5jYWNlcnQub3JnL3Jldm9rZS5jcmwwHQYDVR0RBBYwFIESbmFub21hbkBu YW5vbWFuLmNhMA0GCSqGSIb3DQEBBQUAA4ICAQBIT4E30NoSEuy3o9EQy9MS7eI9RrEqTdVr uLPsLc1ypssNsXyHwYnjkiMsunMw18x5rb05z97JObjcb1osl3GhfqBZnp5Jsq6d4vDsGn2E cy5QHIwhX5jq3k7KdQi9zYRsG8L+W5bSuip1NN/je4itcVxjAmohD5QXgVKu63RqlE8Lml/a pnL/yrOLKenrZhSJ0fFq+mjEKWPeQOA3lb/swc3SQr3ktN7ndEuer++gGy+8vV3IAipK1IHH nts43bjee1B1W37uN7kxXLy00Lmn/bF3O55c0R5c9pOgTRnL0cfQG5iI8zBmgu12+m19YOFd OXbmZ7G0pdVBgDYrMWx9G2FBbyCm1QSUdSrRg+mU3u2JXGe6Ss3KJfe8jz30hE+1/0aAq4Q3 D02CIWkI5T/9g0BEr8TV+Ef1Bx3GfAP1cE3WLJ9C2sownqRKFflDEOV8de0TPdicYTaYsvk7 eRU/BZcLgyRIoccmTWq1haM3K5doNEC4f1CzvWmAQDKcHyvK8Vu/xkovJAsY7fEzkpJP0WJ4 k0M7ti6ZBH/E/ih2OdMTDCvUN1uxW0pOr8xk0/FWSvc4Tq1g8fdeypufRMmy72lf2a3ZieHy ZVL9BpJrQ+pT7+UHBqG0CadexXML9F8TNjP0xW8nFCTzpX5ElySOrn+Xj/ycZHt9PnoLzb5N uzCCBz0wggUloAMCAQICAQAwDQYJKoZIhvcNAQEEBQAweTEQMA4GA1UEChMHUm9vdCBDQTEe MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0IFNpZ25p bmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2VydC5vcmcwHhcNMDMw MzMwMTIyOTQ5WhcNMzMwMzI5MTIyOTQ5WjB5MRAwDgYDVQQKEwdSb290IENBMR4wHAYDVQQL ExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmluZyBBdXRo b3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZzCCAiIwDQYJKoZIhvcN AQEBBQADggIPADCCAgoCggIBAM4iwOJGfew2KAdQlvKgM0CMS/E7Zj8x5WsCNtvWfPbxiI9O dzYFQZX5CfASz0aGc2C3bn7owFhkrs2wrUUXDGP6Zwro1tK/PueYxPBM+uADuzVdbCHeniDZ us1mMjdy+vcI9cfNWMmO5w5e6j7+HKEUChVshoRbZGYqeqlLU3n1iKJ77i8KYSuNsn5NVqUT 7Orakp6sREEeWGBlBWb4wES9y5T3Qn4L92VomFEF8PMFkQQdGxeC7MhXu8NreojxsHLMJVsg kewWAhKPMukXGEjQxwUuAjBCuCWcBWs/qjqn61NI9+jStgeY3BvGNH9/yRyCegVYKwhb8zii qxddZsmY154Qi6LS3XSa93EMcmDfzW+YM52WNHY+JHqSsA6VHm/moEU4R6rXQe1KtxL21xuD ig8u2Am2WdeqBP/Sk31oLt2LS6tYui+N6pWnoMNUiaX724tRIp2yw74RviyRhouWeK0g04ov Gj/G0FFlhyGxGQFlf0Uch/V80EFMTymYIf0zH3UMBFH6GXfb1BQc7oHDHfWYt2kGkSLdAFDM gTGsEgd7ONpoW+Yr1H7JX63o63JM8wHlSyC/mqZXypEAAYuhdSE3tWMNZz5GT3AgZ87F1lnb AuDw0svNumK3kEHo3SDkKbxkKULIItx4mv9D7JgbCVFLWlrCcfHEy3Op5aELAgMBAAGjggHO MIIByjAdBgNVHQ4EFgQUFrUyG9TH8+DmjvO90rA67rI5GNEwgaMGA1UdIwSBmzCBmIAUFrUy G9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0 dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0 eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMB Af8wMgYDVR0fBCswKTAnoCWgI4YhaHR0cHM6Ly93d3cuY2FjZXJ0Lm9yZy9yZXZva2UuY3Js MDAGCWCGSAGG+EIBBAQjFiFodHRwczovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwNAYJ YIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwVgYJ YIZIAYb4QgENBEkWR1RvIGdldCB5b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSBoZWFk IG92ZXIgdG8gaHR0cDovL3d3dy5jYWNlcnQub3JnMA0GCSqGSIb3DQEBBAUAA4ICAQAox+6c ggK6XIASyjUKHYFviWqZzPJoD3+n4Y1YlT698gbDkFqstWD2mUMBo4hwnJ1inaSHr2dYDTA2 O+atSNPLdAKGcT7iKwNo8TRiQEY7U+oo9Kz7ZpVTik1d/TvZYNfKeWk7sWWSpsaBglyczetN AYql3xFVqhXKHzfAgphwYdtqfJajji5UPk8hqZDv3IK/3OhFrU2Qcwg8lGWwBJl2f+K8wmoV qpcENyTYHpRObQ5RvtbEj8qWbfdD3+gwZSc7e7tDQ2PEQ/ey7GjM4RmOIvuY4XtaPgE3O4sI sKLzlU4ay5vNmrHbsnDwLUrb2LDjb0VIMxL//jwyKlT3xPeK8Igjwkf+ZHpxwNEepmOwB36k L9MBj9yfK7bGCKkPk0gl/BL9n0Lc88Q+9lew191p0QZ3NApL0sqg/xzGjMkWvsTMMjdoc18I +1H3SVM2BQqVAkzyeRoQ9tg6dZzzHfGiDXBnhhuzFvUv5aTreYb5PQvCcwulmaxv/Ge45S8L phgkjXvRSDUpGECsk2DhloZQtHpZ2I8hC5/PgpHGO79r3AeRuZdWI6q2bJTGSAY85M5OquT2 LwncU28u/HTrOmOZwqasibynskSgDYoQ42zyJMv6m59wRy7eFIvUsiAJlqJk8SQc3KE1nBWy 1LxVLn0G9ZwOVfRa1pPadq0lc0zFQzGCAlwwggJYAgEBMIGAMHkxEDAOBgNVBAoTB1Jvb3Qg Q0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2VydCBT aWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNlcnQub3JnAgMN xlswCQYFKw4DAhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJ BTEPFw0xMzA5MzAxODE2MTFaMCMGCSqGSIb3DQEJBDEWBBTIS2fno+SFsmUJrpaav9DM6/YB bzBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG 9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEFAASCAQB1WkAd ecdfFKzMO8eTl1R7oQYIsize6X4Q5Zwzrr81X6zNATju3+Af7d92Ji2ehOKhrKxGU2feEOVN mZ5QIiigL7vZHSmJj450hPfkb1nXBqX9ifXXCK6JDZUltXAWu2GPClN/V45qXMjdYwCGx5up cTmj6Yv2lat66rDI3QPszb5Qteex4EgqG5DUQnWv1IHFihG8q+ZCfWS4RH+HjhQ7SKIUtN7+ hEKSRMmswQ9BzAsGIBTGAvZGjkD9GFv9NbVP1vyAX+AYiWGHPV6NUnVOvBjt/ZhfwsksU1n+ jccC4ynJ8HtsVeHqtCWA8SZgXYllAnIwwzOxS/dyyA9igDHL --YZ5djTAD1cGYuMQK--