Better Password Hashes
A.J. Kehoe IV (Nanoman)
nanoman at nanoman.ca
Mon Jan 6 20:52:03 UTC 2014
A.J. Kehoe IV (Nanoman) wrote:
[...]
>http://www.freebsd.org/cgi/query-pr.cgi?pr=182518
[...]
It seems that pam_unix.c isn't the only file that needs patching. Notice pw_pwcrypt and pw_password in pw_user.c:
http://svnweb.freebsd.org/base/head/usr.sbin/pw/pw_user.c?view=markup
Rather than copy Derek's code into pw_user.c, we're thinking that this would be a better solution:
1. Copy Derek's code into libcrypt.
2. Modify Derek's patches to reference libcrypt instead.
3. Write a patch for pw_user.c to reference libcrypt.
It's entirely possible that there are other utilities and libraries that also need to be patched. Rather than use the copy-pasta method that appears to have been used between pam_unix.c and pw_user.c, everything can simply reference libcrypt.
Before we begin, does anyone have any comments?
--
A.J. Kehoe IV (Nanoman) | /"\ ASCII Ribbon Campaign
Nanoman's Company | \ / - No HTML/RTF in E-mail
E-mail: nanoman at nanoman.ca | X - No proprietary attachments
WWW: http://www.nanoman.ca/ | / \ - Respect for open standards
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3924 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20140106/7f4398b1/attachment.bin>
More information about the freebsd-current
mailing list