Can someone explain what this will impact in normal use? Does this mean that passwords will default to DES? I've dug around a little and I'm not seeing where a default is set for passwords - my desktop right now is using sha512, but if I had to guess I'd say it's because it was the crypt(3) default. http://article.gmane.org/gmane.os.freebsd.devel.cvs/516280 Save me from guessing! :) What is the scope and impact of this change? Thanks. -- Love is a snowmobile racing across the tundra and then suddenly it flips over, pinning you underneath. At night, the ice weasels come.
On Wed, Oct 22, 2014 at 09:58:01AM -0400, Mason Loring Bliss wrote:> my desktop right now is using sha512, but if I had to guess I'd say it's > because it was the crypt(3) default.Or I could look at login.conf and see that it's set to sha512 there. Never mind. Nothing to see here - move along. :P -- Mason Loring Bliss (( If I have not seen as far as others, it is because mason at blisses.org )) giants were standing on my shoulders. - Hal Abelson
Mason Loring Bliss <mason at blisses.org> writes:> Can someone explain what this will impact in normal use? Does this > mean that passwords will default to DES?No, the default setting for user passwords is in login.conf and is still SHA-512. The hardcoded default only applies to programs that use crypt(3) for other purposes and do not call crypt_set_format(3) first. See https://bugs.freebsd.org/192277 for details and examples of affected applications. DES -- Dag-Erling Sm?rgrav - des at des.no