Better Password Hashes

A.J. Kehoe IV (Nanoman) nanoman at nanoman.ca
Mon Sep 30 18:26:03 UTC 2013


On the FreeBSD-security mailing list earlier this year, I brought up the issue of improving password hashes.  The patches I included were for FreeBSD 9-STABLE, which is what I use primarily.

gjb@ kindly advised me that the patches would need to be extensively tested on CURRENT before they'd be merged into 9-STABLE.  Derek Marcotte, who wrote the patches, sent me his updated versions for CURRENT, and I've submitted these in a PR:

http://www.freebsd.org/cgi/query-pr.cgi?pr=182518

(My apologies for neglecting to prefix the PR's Subject line with "[patch]".)

I've been using Derek's patches on my own production systems for the past few months, and I'm happy to say that they're working perfectly.  So, what we need now is to have these audited and tested by a larger audience, and then merged into 9-STABLE when a sufficient number of people are satisfied.

Let the testing begin!

-- 
A.J. Kehoe IV (Nanoman)     |  /"\  ASCII Ribbon Campaign
Nanoman's Company           |  \ /   - No HTML/RTF in E-mail
E-mail: nanoman at nanoman.ca  |   X    - No proprietary attachments
WWW: http://www.nanoman.ca/ |  / \   - Respect for open standards
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3924 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20130930/78d0d3d8/attachment.bin>


More information about the freebsd-current mailing list