>
> I believe that there are patches/review for making the default password
> hash algorithm configurable via login.conf or something similar.. so some
> of the work has already been done..
>
> > I'd also like to see us to pull in scrypt if cperciva doesn't have an
John-Mark Gurney writes:
> I believe that there are patches/review for making the default password
> hash algorithm configurable via login.conf or something similar...
You mean like r64918?
DES
--
Dag-Erling Smørgrav - d...@des.no
___
f
...
I believe that there are patches/review for making the default password
hash algorithm configurable via login.conf or something similar.. so some
of the work has already been done..
> I'd also like to see us to pull in scrypt if cperciva doesn't have any
> objections. It's good
On 18-05-23 05:40 PM, Mark Felder wrote:
In light of this new article[2] I would like to rehash (pun intended) this
conversation and also mention a bug report[3] we've been sitting on in some
form for 12 years[4] with usable code that would make working with password
hashing algorithms easier
On Wed, May 23, 2018 at 05:50:04PM -0400, Yonas Yanfa wrote:
> I recommend adding support for Argon2.
>
> https://en.wikipedia.org/wiki/Argon2
Yes, Argon2 seems like a no-brainer at this point.
-Ben
___
freebsd-security@freebsd.org mailing list
https:/
On Wed, May 23, 2018, at 16:40, Mark Felder wrote:
> Additionally, making password hashing more
>
Mailman came to the door and my barking dog interrupted my train of thought :-)
I believe what I was going for was in reference to the bugzilla report, so I'll
try again:
Additionally, making pa
I recommend adding support for Argon2.
https://en.wikipedia.org/wiki/Argon2
On Wed, May 23, 2018, 5:42 PM Mark Felder, wrote:
> Around 2012[1] we made the brave switch from md5crypt to sha512. Some
> people were asking for bcrypt to be default, and others were hoping we
> would see pbkdf2 suppo
Around 2012[1] we made the brave switch from md5crypt to sha512. Some people
were asking for bcrypt to be default, and others were hoping we would see
pbkdf2 support. We went with compatible. Additionally, making password hashing
more
In light of this new article[2] I would like to rehash (pun
The attached patch backports support for sha256 and sha512 hashes to
stable/7. It is not an exact MFH because the sha code in head uses
stpncpy(), which is not present in stable/7's libc.
DES
--
Dag-Erling Smørgrav - d...@des.no
Index: lib/libcrypt
==
The attached patch backports support for sha256 and sha512 hashes to
stable/7. It is not an exact MFH because the sha code in head uses
stpncpy(), which is not present in stable/7's libc.
DES
--
Dag-Erling Smørgrav - d...@des.no
Index: lib/libcrypt
==
On 6/10/12 8:03 PM, Oliver Pinter wrote:
On 6/11/12, RW wrote:
On Mon, 11 Jun 2012 00:37:30 +0200
Oliver Pinter wrote:
16 rounds in 2012? It is not to weak?!
It's hard to say. Remember that blowfish was designed as a cipher not
a hash. It's designed to be fast, but to still resist known plai
On (11/06/2012 12:43), Simon L. B. Nielsen wrote:
> On Sun, Jun 10, 2012 at 3:53 PM, Gleb Kurtsou wrote:
[...]
> > Do you mean pkcs5v2_calculate from geli? It seems to have a drawback
>
> Correct.
>
> > that results produced depend on actual CPU load.
>
> That's not the drawback, but the whole
On Mon, 11 Jun 2012 14:44:02 +0400
Lev Serebryakov wrote:
> Hello, Simon.
> You wrote 10 июня 2012 г., 14:02:50:
>
> SLBN> Has anyone looked at how long the SHA512 password hashing
> SLBN> actually takes on modern computers?
> Modern computers are not what should you afraid. Modern GPUs are.
Gleb Kurtsou writes:
> In other words, currently there is no benefit in switch default
> algorithm to relatively new crypt_sha512 vs 256-iterations
> crypt_blowfish supported on RELENG_7.
>From a cryptographic point of view, perhaps, but they are both better
than the current default (md5), and al
On (11/06/2012 12:51), Simon L. B. Nielsen wrote:
> On Mon, Jun 11, 2012 at 11:44 AM, Lev Serebryakov wrote:
> > Hello, Simon.
> > You wrote 10 июня 2012 г., 14:02:50:
> >
> > SLBN> Has anyone looked at how long the SHA512 password hashing
> > SLBN> actually takes on modern computers?
> > Modern
Robert Simmons writes:
> Mike Tancsa writes:
> > change the users passwd to something new, or just use the old
> > passwd, but re-enter it
> Bad idea. Never reuse an old password.
What's an even worse idea is to learn such things by rote and spew them
back out without ever reflecting on what th
Dag-Erling Smørgrav writes:
> There's a world of difference between switching the default to an
> algorithm we already support and which is widely used by other operating
> systems, and switching to a completely knew and untested algorithm.
ouch. s/knew/new/.
DES
--
Dag-Erling Smørgrav - d...@
"O. Hartmann" writes:
> You should also file a PR for change-requets, so it is not only in the
> email list.
I have no idea what you mean by that...
DES
--
Dag-Erling Smørgrav - d...@des.no
___
freebsd-security@freebsd.org mailing list
http://lists.fr
Mike Tancsa writes:
> Locally, we still have a need to share some passwd files between a
> couple of RELENG_8 and RELENG_7 boxes. But it might be better to just
> upgrade the new boxes to 8 if need be. If not, is Blowfish as its
> currently implemented on RELENG_7 considered strong enough ? Ther
On 6/11/2012 10:00 AM, Dag-Erling Smørgrav wrote:
> Mike Tancsa writes:
>> Dag-Erling Smørgrav writes:
>>> Mike Tancsa writes:
Actually, any chance of MFC'ing SHA256 and 512 in RELENG_7 ? Its
currently not there.
>>> "not there" as in "not supported by crypt(3)"?
>> If you put in sha2
Mike Tancsa writes:
> Dag-Erling Smørgrav writes:
> > Mike Tancsa writes:
> > > Actually, any chance of MFC'ing SHA256 and 512 in RELENG_7 ? Its
> > > currently not there.
> > "not there" as in "not supported by crypt(3)"?
> If you put in sha256|sha512 in passwd_format, the passwd that gets
> c
On Mon, Jun 11, 2012 at 11:44 AM, Lev Serebryakov wrote:
> Hello, Simon.
> You wrote 10 июня 2012 г., 14:02:50:
>
> SLBN> Has anyone looked at how long the SHA512 password hashing
> SLBN> actually takes on modern computers?
> Modern computers are not what should you afraid. Modern GPUs are.
>
On Sun, Jun 10, 2012 at 3:53 PM, Gleb Kurtsou wrote:
> On (10/06/2012 11:02), Simon L. B. Nielsen wrote:
>>
>> On 8 Jun 2012, at 13:51, Dag-Erling Smørgrav wrote:
>>
>> > We still have MD5 as our default password hash, even though known-hash
>> > attacks aga
On Mon, Jun 11, 2012 at 10:51:45AM +0200, Dag-Erling Smørgrav wrote:
> Damian Weber writes:
> > *collision* attacks are relatively easy these days, but against 1 MD5,
> > not against 1000 times MD5
>
> I'm not talking about collision attacks, I'm talking about brute-forcing
> hashes.
>
> > ther
On 6/11/2012 4:48 AM, Dag-Erling Smørgrav wrote:
> Mike Tancsa writes:
>> Actually, any chance of MFC'ing SHA256 and 512 in RELENG_7 ? Its
>> currently not there.
>
> "not there" as in "not supported by crypt(3)"?
If you put in sha256|sha512 in passwd_format, the passwd that gets
chosen is DES,
Hello, Simon.
You wrote 10 июня 2012 г., 14:02:50:
SLBN> Has anyone looked at how long the SHA512 password hashing
SLBN> actually takes on modern computers?
Modern computers are not what should you afraid. Modern GPUs are.
And they are incredibly fast in calculation of MD5, SHA-1 and SHA-2.
Lars Engels writes:
> BTW Solaris 10 and 11 support our Blowfish algorithm, Solaris 10 >= 10/08
> supports SHA256 and SHA512 and SHA256 was mad the default algorithm in
> Solaris 11.
> Some Linux variants support Blowfish and from glibc 2.7 on they have
> support for SHA256 and SHA512.
>
> So the
Oliver Pinter writes:
> 16 rounds in 2012? It is not to weak?!
Perhaps. I don't see how that affects sha512.
DES
--
Dag-Erling Smørgrav - d...@des.no
___
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-secu
Damian Weber writes:
> *collision* attacks are relatively easy these days, but against 1 MD5,
> not against 1000 times MD5
I'm not talking about collision attacks, I'm talking about brute-forcing
hashes.
> there is a NIST hash competition running, the winner will soon be announced
> (and it won
Mike Tancsa writes:
> Actually, any chance of MFC'ing SHA256 and 512 in RELENG_7 ? Its
> currently not there.
"not there" as in "not supported by crypt(3)"?
> http://phk.freebsd.dk/sagas/md5crypt_eol.html
That blog entry is (partly) why I suggested this change. I think phk is
being overly pes
On 2012-06-10 19:24, RW wrote:
On Mon, 11 Jun 2012 00:37:30 +0200
Oliver Pinter wrote:
16 rounds in 2012? It is not to weak?!
It's hard to say. Remember that blowfish was designed as a cipher not
a hash. It's designed to be fast, but to still resist known plaintext
attacks at the beginning o
On 6/11/12, RW wrote:
> On Mon, 11 Jun 2012 00:37:30 +0200
> Oliver Pinter wrote:
>
>
>> 16 rounds in 2012? It is not to weak?!
>
> It's hard to say. Remember that blowfish was designed as a cipher not
> a hash. It's designed to be fast, but to still resist known plaintext
> attacks at the beginni
On Mon, 11 Jun 2012 00:37:30 +0200
Oliver Pinter wrote:
> 16 rounds in 2012? It is not to weak?!
It's hard to say. Remember that blowfish was designed as a cipher not
a hash. It's designed to be fast, but to still resist known plaintext
attacks at the beginning of the ciphertext. It was also des
X:0:0::0:0:XXX:/root:/bin/csh
:$2a$04$X:100X:100X::0:0:X:/home/:/bin/tcsh
16 rounds in 2012? It is not to weak?!
On 6/8/12, Dag-Erling Smørgrav wrote:
> We still have MD5 as our default password hash, even th
On 6/8/12, Dag-Erling Smørgrav wrote:
> We still have MD5 as our default password hash, even though known-hash
> attacks against MD5 are relatively easy these days. We've supported
> SHA256 and SHA512 for many years now, so how about making SHA512 the
> default instead of MD5, l
On 06/10/2012 06:02 AM, Simon L. B. Nielsen wrote:
Has anyone looked at how long the SHA512 password hashing actually
takes on modern computers? The "real" solution for people who care
significantly about this seems something like the algorithm pjd
implemented (I think he did it at least) for G
> On 8 Jun 2012, at 13:51, Dag-Erling Smørgrav wrote:
>
> > We still have MD5 as our default password hash, even though known-hash
> > attacks against MD5 are relatively easy these days.
*collision* attacks are relatively easy these days, but against 1 MD5,
not against 100
On (10/06/2012 11:02), Simon L. B. Nielsen wrote:
>
> On 8 Jun 2012, at 13:51, Dag-Erling Smørgrav wrote:
>
> > We still have MD5 as our default password hash, even though known-hash
> > attacks against MD5 are relatively easy these days. We've supported
> > SHA2
On 8 Jun 2012, at 13:51, Dag-Erling Smørgrav wrote:
> We still have MD5 as our default password hash, even though known-hash
> attacks against MD5 are relatively easy these days. We've supported
> SHA256 and SHA512 for many years now, so how about making SHA512 the
> defau
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 06/09/12 04:34, Mike Tancsa wrote:
> On 6/8/2012 8:51 AM, Dag-Erling Smørgrav wrote:
>> We still have MD5 as our default password hash, even though
>> known-hash attacks against MD5 are relatively easy these days.
>> We&#x
On 9 June 2012 13:16, Robert Simmons wrote:
> On Sat, Jun 9, 2012 at 9:34 AM, Mike Tancsa wrote:
>> On 6/9/2012 9:19 AM, someone wrote:
>>> hi,
>>>
>>> what is needed to change from md5 to sha512 ? As all old passwd are md5, I
>>> imagine there is a
>>> sequence of steps not to lock me out of th
On Sat, Jun 9, 2012 at 9:34 AM, Mike Tancsa wrote:
> On 6/9/2012 9:19 AM, someone wrote:
>> hi,
>>
>> what is needed to change from md5 to sha512 ? As all old passwd are md5, I
>> imagine there is a
>> sequence of steps not to lock me out of the box. is there any place that
>> documents this ?
>
On Sat, 09 Jun 2012 07:34:22 -0400
Mike Tancsa wrote:
> On 6/8/2012 8:51 AM, Dag-Erling Smørgrav wrote:
> > We still have MD5 as our default password hash, even though
> > known-hash attacks against MD5 are relatively easy these days.
> > We've supported SHA256 and SHA
On Sat, Jun 09, 2012 at 12:04:25AM -0400, emu wrote:
> On 2012-06-09 00:01, Robert Simmons wrote:
> > On Fri, Jun 8, 2012 at 9:06 AM, Maxim Khitrov
> > wrote:
> >> On Fri, Jun 8, 2012 at 8:51 AM, Dag-Erling Smørgrav
> >> wrote:
> >>> We stil
On 6/9/2012 6:34 AM, Mike Tancsa wrote:
> Sort of a security issue considering this assessment of MD5
You can use blf (blowfish) as well.
Regards,
Bryan Drewery
___
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/fre
On Sat, June 9, 2012 10:34, Mike Tancsa wrote:
> On 6/9/2012 9:19 AM, someone wrote:
>> hi,
>>
>> what is needed to change from md5 to sha512 ? As all old passwd are md5, I
>> imagine there is a
>> sequence of steps not to lock me out of the box. is there any place that
>> documents this ?
>
> Y
On 6/9/2012 9:19 AM, someone wrote:
> hi,
>
> what is needed to change from md5 to sha512 ? As all old passwd are md5, I
> imagine there is a
> sequence of steps not to lock me out of the box. is there any place that
> documents this ?
You need a relatively recent RELENG_8, not sure the exact d
On 6/8/2012 8:51 AM, Dag-Erling Smørgrav wrote:
> We still have MD5 as our default password hash, even though known-hash
> attacks against MD5 are relatively easy these days. We've supported
> SHA256 and SHA512 for many years now, so how about making SHA512 the
> default instea
On 2012-06-09 09:43, O. Hartmann wrote:
> On 06/08/12 14:51, Dag-Erling Smørgrav wrote:
>> We still have MD5 as our default password hash, even though known-hash
>> attacks against MD5 are relatively easy these days. We've supported
>> SHA256 and SHA512 for many year
On 2012-06-09 00:01, Robert Simmons wrote:
On Fri, Jun 8, 2012 at 9:06 AM, Maxim Khitrov
wrote:
On Fri, Jun 8, 2012 at 8:51 AM, Dag-Erling Smørgrav
wrote:
We still have MD5 as our default password hash, even though
known-hash
attacks against MD5 are relatively easy these days. We&#x
On 06/09/12 11:28, Dimitry Andric wrote:
> On 2012-06-09 09:43, O. Hartmann wrote:
>> On 06/08/12 14:51, Dag-Erling Smørgrav wrote:
>>> We still have MD5 as our default password hash, even though known-hash
>>> attacks against MD5 are relatively easy these days. We&
On 06/08/12 14:51, Dag-Erling Smørgrav wrote:
> We still have MD5 as our default password hash, even though known-hash
> attacks against MD5 are relatively easy these days. We've supported
> SHA256 and SHA512 for many years now, so how about making SHA512 the
> default instea
On Fri, Jun 8, 2012 at 9:06 AM, Maxim Khitrov wrote:
> On Fri, Jun 8, 2012 at 8:51 AM, Dag-Erling Smørgrav wrote:
>> We still have MD5 as our default password hash, even though known-hash
>> attacks against MD5 are relatively easy these days. We've supported
>> SHA256
Dag-Erling Smørgrav wrote:
We still have MD5 as our default password hash, even though known-hash
attacks against MD5 are relatively easy these days. We've supported
SHA256 and SHA512 for many years now, so how about making SHA512 the
default instead of MD5, like on most Linux distribution
In message <20120608172857.ge2...@stack.nl>, Ruud Althuizen writes:
>Complication isn't your friend when considering cryptography.
Sorry, it's a one way relationship, and its the other way around:
If it is cryptography, it is complicated.
But it can be complicated without being cryptography.
-
On Fri 08 Jun 2012 05:47 PM, RW wrote:
> On Fri, 08 Jun 2012 14:51:55 +0200
> Dag-Erling Smørgrav wrote:
>
> > We still have MD5 as our default password hash, even though known-hash
> > attacks against MD5 are relatively easy these days.
>
> Are any of those
On Fri, 08 Jun 2012 14:51:55 +0200
Dag-Erling Smørgrav wrote:
> We still have MD5 as our default password hash, even though known-hash
> attacks against MD5 are relatively easy these days.
Are any of those attacks relevant to salted passwords even with a
single MD5 hash, let alone Fre
On Fri, Jun 08, 2012 at 02:51:55PM +0200, Dag-Erling Smørgrav wrote:
> We still have MD5 as our default password hash, even though known-hash
> attacks against MD5 are relatively easy these days. We've supported
> SHA256 and SHA512 for many years now, so how about making SHA512
On Fri, 08 Jun 2012 07:51:55 -0500, Dag-Erling Smørgrav wrote:
We still have MD5 as our default password hash, even though known-hash
attacks against MD5 are relatively easy these days. We've supported
SHA256 and SHA512 for many years now, so how about making SHA512 the
default instead o
On 06/08/12 15:06, Maxim Khitrov wrote:
> On Fri, Jun 8, 2012 at 8:51 AM, Dag-Erling Smørgrav wrote:
>> We still have MD5 as our default password hash, even though known-hash
>> attacks against MD5 are relatively easy these days. We've supported
>> SHA256 and SHA512
On Fri, Jun 8, 2012 at 8:51 AM, Dag-Erling Smørgrav wrote:
> We still have MD5 as our default password hash, even though known-hash
> attacks against MD5 are relatively easy these days. We've supported
> SHA256 and SHA512 for many years now, so how about making SHA512 the
> d
We still have MD5 as our default password hash, even though known-hash
attacks against MD5 are relatively easy these days. We've supported
SHA256 and SHA512 for many years now, so how about making SHA512 the
default instead of MD5, like on most Linux distributions?
Index: etc/login
62 matches
Mail list logo
