Re: PHK's MD5 might not be slow enough anymore
- From: Dag-Erling Smørgrav <des@xxxxxx>
- Date: Mon, 01 Feb 2010 14:25:50 +0100
Dan Lukes <dan@xxxxxxxxx> writes:
Mike Andrews <mandrews@xxxxxxxx> writes:
There is probably a login.conf knob to raise the default number ofNo. The standard way of password change flow trough pam_unix.c.
rounds beyond 2^4.
It call crypt(new_pass, salt) where salt is pseudo-random sequence. As
such salt doesn't start with a magic, the default algorithm is
selected. If it si blowfish, then crypt_blowfish(key, salt) is called.
Mike is mostly right and you are mostly wrong. The default algorithm is
indeed controlled by login.conf and auth.conf, although there is no way
to specify the number of rounds.
Dag-Erling Smørgrav - des@xxxxxx
freebsd-security@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"