On 6/11/2012 10:00 AM, Dag-Erling Smørgrav wrote:
> Mike Tancsa <m...@sentex.net> writes:
>> Dag-Erling Smørgrav <d...@des.no> writes:
>>> Mike Tancsa <m...@sentex.net> writes:
>>>> Actually, any chance of MFC'ing SHA256 and 512 in RELENG_7 ? Its
>>>> currently not there.
>>> "not there" as in "not supported by crypt(3)"?
>> If you put in sha256|sha512 in passwd_format, the passwd that gets
>> chosen is DES, as in Data Encryption Standard, not Dag-Erling Smørgrav
>> ;-)
>
> This is non-trivial to fix, as the code that would need to be MFCed
> depends on libc changes. I'm worried about collateral damage from
> MFCing those changes.
>
> It may be possible to backport the sha2 code.
Locally, we still have a need to share some passwd files between a
couple of RELENG_8 and RELENG_7 boxes. But it might be better to just
upgrade the new boxes to 8 if need be. If not, is Blowfish as its
currently implemented on RELENG_7 considered strong enough ? There has
been some discussion suggesting its not and some that it is.
---Mike
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, m...@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
