Re: Feature Proposal: Transparent upgrade of crypt() algorithms
On 27 February 2014 20:14, Allan Jude <freebsd@allanjude.com> wrote:
> With r262501
> (http://svnweb.freebsd.org/base?view=revision&revision=262501) importing
> the upgraded bcrypt from OpenBSD and eventually changing the default
> identifier for bcrypt to $2b$ it reminded me of a feature that is often
> seen in Forum software and other web apps.
>
> Transparent algorithm upgrade.
....
I would strongly support this
> I think Nick's point is you do want passwords using the "old" hash to expire
are some point if they haven't been auto-converted.
Password expiry is an orthogonal issue and should be up to administrator policy.
> This might actually be more applicable with my next suggestion, exposing
> tuneables to control the number of rounds for bcrypt and sha512crypt. As
> this would make it easy to upgrade all existing bcrypt/sha512crypt
> hashes from the default number of rounds (10^4 and 5000 respectively) to
> higher values.
Another orthogonal issue: I'd like to see the results of the password
hashing competition (see: https://password-hashing.net/.
--
Eitan Adler
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 5 之 27 篇):