Hello!
I've been working on this for a while, and I've produced a patch
that does a few things with the base system:
1. allows modular crypt to be specified as passwd_format in
/etc/login.conf
- this allows setting the algorithm *and rounds*, i.e. $2b$10$
for users of varying classes.
- this will allow any future algorithms and parameters
supported by crypt(3) to be supported by the tools around login.conf
2. introduces a new api, crypt_makesalt which will generate an
appropriate salt for any algorithm selected
3. updates userland to use this API, and removes totally the
{crypt_set_format, login_setcryptfmt, login_getcryptfmt} APIs
4. switches crypt algorithms to use thread-local storage, so the
good old global crypt buffer is thread-local
5. includes a bunch of new test vectors for libcrypt ATF tests
There are references to previous discussions/patches/etc here:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=182518
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=168499+0+/usr/local/www/db/text/2013/freebsd-current/20131006.freebsd-current
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=361757+0+/usr/local/www/db/text/2014/freebsd-current/20140112.freebsd-current
And most recent discussion here:
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=1751919+0+archive/2014/freebsd-current/20140716.freebsd-current
Anyways, I've put a bunch of work into this, and am anxious to
actually get this accepted into -HEAD.
What more can I do at this point?
A patch against current is in the original PR/"bug":
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=182518
Thanks,
Derek
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
