Date: Fri, 7 Mar 2014 17:50:50 -0500
From: "A.J. Kehoe IV (Nanoman)" <nanoman@nanoman.ca>
To: d@delphij.net
Cc: Dag-Erling Smørgrav <des@des.no>, freebsd-current@freebsd.org, secteam@FreeBSD.org
Subject: Re: Feature Proposal: Transparent upgrade of crypt() algorithms
Message-ID: <20140307225050.GC50880@nanocomputer.nanoman.ca>
In-Reply-To: <531A42F3.5020207@delphij.net>
References: <2167732.JmQmEPMV2N@desktop.reztek> <201403070913.30359.jhb@freebsd.org>
 <5319DE84.3040602@allanjude.com> <20140307161313.GA49137@nanocomputer.nanoman.ca>
 <531A2CC1.8080802@allanjude.com> <20140307215223.GB49137@nanocomputer.nanoman.ca>
 <531A42F3.5020207@delphij.net>

Xin Li wrote:

>Hi,
>
>On 03/07/14 13:52, A.J. Kehoe IV (Nanoman) wrote:
>> Allan Jude wrote:
>>> On 2014-03-07 11:13, A.J. Kehoe IV (Nanoman) wrote:
>>>> Allan Jude wrote:
>>>>
>>>> [...]
>>>>
>>>>> Honestly, my use case is just silently upgrading the strength
>>>>> of the hashing algorithm (when combined with my other feature
>>>>> request). Updating my bcrypt hashes from $2a$04$ to $2b$12$
>>>>> or something. Same applies for the default sha512, maybe I
>>>>> want to update to rounds=15000
>>>>
>>>> Like this?
>>>>
>>>> http://www.freebsd.org/cgi/query-pr.cgi?pr=182518
>>>>
>>>> Request for comments:
>>>>
>>>> http://docs.freebsd.org/cgi/mid.cgi?20140106205156.GD4903

[...]

>Speaking for adding rounds, the only problem that needs to be fixed is
>that the proposed patch makes it possible to create conflicting
>configuration (passwd_format and passwd_modular can use different
>hashing algorithms) and need to be fixed and polished. I like the
>idea of making it possible to use more rounds though.

This was deliberate for backward compatibility. passwd_format will be used by default if passwd_modular isn't defined. If passwd_modular is defined as "disabled", then passwd_format will be used.

What do you think of the idea of putting this into libcrypt instead of pam_unix.c, and then patching pam_unix.c and pw_user.c to reference libcrypt?

-- 
A.J. Kehoe IV (Nanoman)     |  /"\  ASCII Ribbon Campaign
Nanoman's Company           |  \ /   - No HTML/RTF in E-mail
E-mail: nanoman@nanoman.ca  |   X    - No proprietary attachments
WWW: http://www.nanoman.ca/ |  / \   - Respect for open standards
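
An added example (not code from the patch in PR 182518, from FreeBSD, or from anyone in this thread) of the check a transparent-upgrade hook could run after a successful login, using the passwd_format / passwd_modular precedence described in the message above. It assumes passwd_modular holds a modular-crypt prefix such as `$2b$12$` or `$6$rounds=15000$`; the function names `effective_policy`, `needs_upgrade`, `tag_len` and `cost_of` are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Precedence stated in the message: passwd_modular applies unless it is
 * undefined (NULL here) or "disabled"; in both cases passwd_format is used. */
const char *effective_policy(const char *passwd_format, const char *passwd_modular)
{
    if (passwd_modular == NULL || strcmp(passwd_modular, "disabled") == 0)
        return passwd_format;
    return passwd_modular;
}

/* Length of the scheme tag including both '$': 4 for "$2b$", 3 for "$6$". */
static size_t tag_len(const char *h)
{
    const char *p = (h[0] == '$') ? strchr(h + 1, '$') : NULL;
    return p ? (size_t)(p - h) + 1 : 0;
}

/* Work factor: bcrypt log2 cost, or sha-crypt rounds (5000 when omitted). */
static long cost_of(const char *h)
{
    size_t n = tag_len(h);
    if (h[1] == '2')
        return strtol(h + n, NULL, 10);
    if (strncmp(h + n, "rounds=", 7) == 0)
        return strtol(h + n + 7, NULL, 10);
    return 5000;
}

/* Returns 1 if a hash that has just verified should be regenerated. */
int needs_upgrade(const char *stored, const char *passwd_format,
                  const char *passwd_modular)
{
    const char *want = effective_policy(passwd_format, passwd_modular);
    if (want == NULL)
        return 0;
    /* Assumed mapping of passwd_format names to modular-crypt tags. */
    if (strcmp(want, "sha512") == 0) want = "$6$";
    else if (strcmp(want, "blf") == 0) want = "$2";  /* any bcrypt variant */
    if (want[0] != '$')
        return 0;                      /* unknown policy: leave the hash alone */
    size_t n = tag_len(want);
    if (n == 0)                        /* bare family prefix such as "$2" */
        return strncmp(stored, want, strlen(want)) != 0;
    if (strncmp(stored, want, n) != 0)
        return 1;                      /* different algorithm or variant */
    return cost_of(stored) < cost_of(want);  /* never lowers the cost */
}
```

The check only makes sense after the password has verified against the stored hash, since that is the one moment the cleartext is available to rehash.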