Tomorrow I plan to remove the support for SHA1 passwords from libcrypt:
this was (re-)added silently by Mark Murray a few months ago as part of a
cleanup/re-merging of the libcrypt code, and he's already okayed the
re-removal.

The reason I want to remove this is because I intend to reimplement
libcrypt in a more extensible way sometime over the next few months
(assuming I can get over/around/under a final hurdle), and I'd prefer not
to have any more compatability warts than necessary (if this were to make
it into a release we'd have to support it forever). There's no real
advantage to using SHA1 passwords anyway, since they're an algorithmically
identical format to the default MD5 system, and there's nothing inherently
insecure about that one.

If anyone has been using SHA1 passwords, now's the time to regenerate them
:-)

Kris



To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to