Re: Feature Proposal: Transparent upgrade of crypt() algorithms
On 28 Feb 2014, at 02:14, Allan Jude <freebsd@allanjude.com> wrote:
> With r262501
> (http://svnweb.freebsd.org/base?view=revision&revision=262501) importing
> the upgraded bcrypt from OpenBSD and eventually changing the default
> identifier for bcrypt to $2b$ it reminded me of a feature that is often
> seen in Forum software and other web apps.
> …
> This would make it much easier to transition a very large userbase from
> md5crypt to bcrypt or sha512crypt, rather than expiring the passwords or
> something.
The sleeping accounts won’t be upgraded, so be left at the ‘insecure’ algorithm. I do see the point of automatic updating of password hashes for a newer algorithm, but ‘not needing expiry’ isn’t the right argument. It is actually an argument opposing your change!
What you probably meant was: don’t hassle users with the change in algorithm, possibly only the users that haven’t ever logged in after 6 months.
Nick
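The concern raised in the message above, that login-time rehashing never reaches sleeping accounts, can be checked with an audit of which accounts are still on a legacy scheme. This is an added example, not part of the original message or of FreeBSD's code; the last-login map, the 183-day threshold, the verdict names and the sample lines are constructed assumptions.

```python
from datetime import date

# crypt(3) modular-format prefixes and the scheme each one identifies.
PREFIXES = {"$1$": "md5crypt", "$2a$": "bcrypt", "$2b$": "bcrypt",
            "$2y$": "bcrypt", "$5$": "sha256crypt", "$6$": "sha512crypt"}
CURRENT = {"bcrypt", "sha512crypt"}   # assumption: the schemes being migrated to
DORMANT_DAYS = 183                    # assumption: "6 months" from the thread

def scheme_of(pw_field):
    """Name the hash scheme; None when the field holds no usable hash ("*...")."""
    if pw_field.startswith("*"):
        return None
    for prefix, name in PREFIXES.items():
        if pw_field.startswith(prefix):
            return name
    return "unknown"

def audit(passwd_lines, last_login, today):
    """Return {user: verdict} for every account that has a password hash.

    ok      already on a current scheme
    wait    legacy hash, but the user logs in and will be rehashed then
    expire  legacy hash on a sleeping account: login-time upgrade never fires
    """
    verdicts = {}
    for line in passwd_lines:
        if not line.strip() or line.startswith("#"):
            continue
        user, pw_field = line.split(":")[:2]
        scheme = scheme_of(pw_field)
        if scheme is None:
            continue
        if scheme in CURRENT:
            verdicts[user] = "ok"
            continue
        seen = last_login.get(user)          # None: never logged in
        idle = (today - seen).days if seen else None
        verdicts[user] = "wait" if idle is not None and idle < DORMANT_DAYS else "expire"
    return verdicts

# Constructed master.passwd-style sample; hashes are placeholders, not real output.
SAMPLE = """\
alice:$2b$04$CONSTRUCTEDSALTANDHASH:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$1$CONSTRUC$PLACEHOLDERHASH:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:$1$CONSTRUC$PLACEHOLDERHASH:1003:1003::0:0:Carol:/home/carol:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
""".splitlines()
LAST_LOGIN = {"alice": date(2014, 2, 20), "bob": date(2014, 2, 1), "carol": date(2013, 5, 1)}
```

Accounts reported as `expire` are the ones a login-time upgrade alone would leave on md5crypt indefinitely.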
Full thread (this message is number 3 of 27)