On Wed, 20 Oct 2021 at 14:37, Alistair Crooks <a...@pkgsrc.org> wrote:
> > > On Wed, 20 Oct 2021 at 13:39, nia <n...@netbsd.org> wrote: > >> I want to change the default cipher in passwd.conf to >> Argon2id, for these reasons: >> >> - Argon2id is resistant to GPU-based password cracking attacks. >> - Argon2id is resistant to side channel attacks. >> - It allows us to dynamically scale the CPU time and memory required >> to compute a password hash, making hashes that are strong and >> difficult to crack on fast machines, while not making you wait >> an unreasonable amount of time to log in on slow machines. >> >> The work to integrate Argon2 into NetBSD was done in 2019 and in >> the past few weeks I've been cleaning up the code, making sure >> we match the reference implementation, adding tests and documentation, >> etc. >> >> I've tested the Argon2 implementation and determined it's correct >> and usable on: >> >> - amd64 (Ryzen, Haswell...) >> - aarch64 (QEMU) >> - shark >> - macppc (G4) >> - sparc (50MHz, Argon2id shaves 7 seconds off login time compared to >> the current default.) >> > > Thanks for fixing up the Argon2 implementation > > I think it's a good idea, BUT I'd be a lot happier if the argon2 support > was in a regular release (I know it's just the default cipher going > forward, but I suspect some people have got into the nasty habit of cloning > some of /etc from git or hg - maybe even cvs? :) - repos in some places, > and onto various vintages of hosts) > > For those of you wanting to read about Jason High's work on bringing the > Argon2 routines to NetBSD, and adding them to the testing framework, please > see: > > https://blog.netbsd.org/tnf/entry/gsoc_2019_report_incorporating_the > https://blog.netbsd.org/tnf/entry/gsoc_2019_report_update_incorporating > https://wiki.netbsd.org/archives/2020/01/ > > (Not always easy to find using Google, for obvious reasons) > > > I think my MUA must be broken, as I can't see any reply to address the concerns that were raised above I see the change was made, nevertheless, on Oct 26th Or is the intent to discuss this in retrospect?
