Date: Wed, 5 Jan 2000 22:27:31 -0800 (PST) From: Kris Kennaway <kris@hub.freebsd.org> To: current@freebsd.org Subject: Advance notice: Removing SHA1 passwords Message-ID: <Pine.BSF.4.21.0001052221270.27411-100000@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
Tomorrow I plan to remove the support for SHA1 passwords from libcrypt: this was (re-)added silently by Mark Murray a few months ago as part of a cleanup/re-merging of the libcrypt code, and he's already okayed the re-removal. The reason I want to remove this is because I intend to reimplement libcrypt in a more extensible way sometime over the next few months (assuming I can get over/around/under a final hurdle), and I'd prefer not to have any more compatability warts than necessary (if this were to make it into a release we'd have to support it forever). There's no real advantage to using SHA1 passwords anyway, since they're an algorithmically identical format to the default MD5 system, and there's nothing inherently insecure about that one. If anyone has been using SHA1 passwords, now's the time to regenerate them :-) Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0001052221270.27411-100000>