Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-03-08 Thread Derek (freebsd lists)
Hi all, Thanks for your attention to the matter/threads. I have thought a bit about this, and I hope I can add some value to the current conversation, below: On 03/07/2014 07:36 PM, Xin Li wrote: On 03/07/14 14:50, A.J. Kehoe IV (Nanoman) wrote: Xin Li wrote: On 03/07/14 13:52, A.J. Kehoe

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-03-08 Thread John-Mark Gurney
Warner Losh wrote this message on Fri, Mar 07, 2014 at 22:30 -0700: > On Mar 7, 2014, at 10:22 PM, Allan Jude wrote: > >> Performance for default, sha512 w/ 5k rounds: > >> AMD A10-5700 3.4GHz 3.8ms > >> AMD Opteron 4228 HE 2.8Ghz 5.4ms > >> Intel(R) Xeon(R) X5650 2.67GHz 4.0ms

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-03-07 Thread Warner Losh
On Mar 7, 2014, at 10:22 PM, Allan Jude wrote: >> Performance for default, sha512 w/ 5k rounds: >> AMD A10-5700 3.4GHz 3.8ms >> AMD Opteron 4228 HE 2.8Ghz 5.4ms >> Intel(R) Xeon(R) X5650 2.67GHz 4.0ms >> >> these times are approx as the timing varies quite a bit, ~+/-10%… And wh

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-03-07 Thread Allan Jude
On 2014-03-07 21:15, John-Mark Gurney wrote: > Xin Li wrote this message on Fri, Mar 07, 2014 at 16:43 -0800: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA512 >> >> On 03/07/14 15:07, John-Mark Gurney wrote: >>> Allan Jude wrote this message on Fri, Mar 07, 2014 at 17:53 -0500: On 2014-03

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-03-07 Thread A.J. Kehoe IV (Nanoman)
Xin Li wrote: Hi, On 03/07/14 13:52, A.J. Kehoe IV (Nanoman) wrote: Allan Jude wrote: On 2014-03-07 11:13, A.J. Kehoe IV (Nanoman) wrote: Allan Jude wrote: [...] Honestly, my use case is just silently upgrading the strength of the hashing algorithm (when combined with my other feature requ

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-03-07 Thread John-Mark Gurney
Xin Li wrote this message on Fri, Mar 07, 2014 at 16:36 -0800: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 03/07/14 14:50, A.J. Kehoe IV (Nanoman) wrote: > > Xin Li wrote: > >> Hi, > >> > >> On 03/07/14 13:52, A.J. Kehoe IV (Nanoman) wrote: > >>> Allan Jude wrote: > On 2014-03

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-03-07 Thread John-Mark Gurney
Xin Li wrote this message on Fri, Mar 07, 2014 at 16:43 -0800: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 03/07/14 15:07, John-Mark Gurney wrote: > > Allan Jude wrote this message on Fri, Mar 07, 2014 at 17:53 -0500: > >> On 2014-03-07 17:06, Xin Li wrote: > >>> Hi, > >>> > >>> On

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-03-07 Thread Xin Li
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 03/07/14 15:07, John-Mark Gurney wrote: > Allan Jude wrote this message on Fri, Mar 07, 2014 at 17:53 -0500: >> On 2014-03-07 17:06, Xin Li wrote: >>> Hi, >>> >>> On 03/07/14 13:52, A.J. Kehoe IV (Nanoman) wrote: Allan Jude wrote: > On 2

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-03-07 Thread Xin Li
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 03/07/14 14:50, A.J. Kehoe IV (Nanoman) wrote: > Xin Li wrote: >> Hi, >> >> On 03/07/14 13:52, A.J. Kehoe IV (Nanoman) wrote: >>> Allan Jude wrote: On 2014-03-07 11:13, A.J. Kehoe IV (Nanoman) wrote: > Allan Jude wrote: > > [...

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-03-07 Thread John-Mark Gurney
Allan Jude wrote this message on Fri, Mar 07, 2014 at 17:53 -0500: > On 2014-03-07 17:06, Xin Li wrote: > > Hi, > > > > On 03/07/14 13:52, A.J. Kehoe IV (Nanoman) wrote: > >> Allan Jude wrote: > >>> On 2014-03-07 11:13, A.J. Kehoe IV (Nanoman) wrote: > Allan Jude wrote: > > [...] >

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-03-07 Thread Allan Jude
On 2014-03-07 17:06, Xin Li wrote: > Hi, > > On 03/07/14 13:52, A.J. Kehoe IV (Nanoman) wrote: >> Allan Jude wrote: >>> On 2014-03-07 11:13, A.J. Kehoe IV (Nanoman) wrote: Allan Jude wrote: [...] > Honestly, my use case is just silently upgrading the strength > of the h

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-03-07 Thread Xin Li
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, On 03/07/14 13:52, A.J. Kehoe IV (Nanoman) wrote: > Allan Jude wrote: >> On 2014-03-07 11:13, A.J. Kehoe IV (Nanoman) wrote: >>> Allan Jude wrote: >>> >>> [...] >>> Honestly, my use case is just silently upgrading the strength of the

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-03-07 Thread A.J. Kehoe IV (Nanoman)
Allan Jude wrote: On 2014-03-07 11:13, A.J. Kehoe IV (Nanoman) wrote: Allan Jude wrote: [...] Honestly, my use case is just silently upgrading the strength of the hashing algorithm (when combined with my other feature request). Updating my bcrypt hashes from $2a$04$ to $2b$12$ or something. S

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-03-07 Thread Allan Jude
On 2014-03-07 11:13, A.J. Kehoe IV (Nanoman) wrote: > Allan Jude wrote: > > [...] > >> Honestly, my use case is just silently upgrading the strength of the >> hashing algorithm (when combined with my other feature request). >> Updating my bcrypt hashes from $2a$04$ to $2b$12$ or something. Same >

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-03-07 Thread John Baldwin
On Friday, March 07, 2014 10:34:40 am Tom Evans wrote: > On Fri, Mar 7, 2014 at 2:13 PM, John Baldwin wrote: > > On Wednesday, March 05, 2014 3:09:30 pm Matthew Rezny wrote: > >> > > Password expiry is an orthogonal issue and should be up to > >> > > administrator > >> > > >> > policy. > >> > > >

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-03-07 Thread RW
On Fri, 7 Mar 2014 09:13:30 -0500 John Baldwin wrote: > I am assuming that an > administrator wants the transparent upgrade (which I think is useful) > because they are assuming that the hash algorithm is compromised or > inferior. I'd expect it to be done well in advance of that to give plenty o

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-03-07 Thread A.J. Kehoe IV (Nanoman)
Allan Jude wrote: [...] Honestly, my use case is just silently upgrading the strength of the hashing algorithm (when combined with my other feature request). Updating my bcrypt hashes from $2a$04$ to $2b$12$ or something. Same applies for the default sha512, maybe I want to update to rounds=150

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-03-07 Thread Tom Evans
On Fri, Mar 7, 2014 at 2:13 PM, John Baldwin wrote: > On Wednesday, March 05, 2014 3:09:30 pm Matthew Rezny wrote: >> > > Password expiry is an orthogonal issue and should be up to administrator >> > >> > policy. >> > >> > Yes, but if you are moving to a different algorithm to improve security, >

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-03-07 Thread Allan Jude
On 2014-03-07 09:13, John Baldwin wrote: > On Wednesday, March 05, 2014 3:09:30 pm Matthew Rezny wrote: Password expiry is an orthogonal issue and should be up to administrator >>> >>> policy. >>> >>> Yes, but if you are moving to a different algorithm to improve security, not >>> coupling it

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-03-07 Thread John Baldwin
On Wednesday, March 05, 2014 3:09:30 pm Matthew Rezny wrote: > > > Password expiry is an orthogonal issue and should be up to administrator > > > > policy. > > > > Yes, but if you are moving to a different algorithm to improve security, not > > coupling it with an eventual expiration of non-migra

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-03-05 Thread Matthew Rezny
> > Password expiry is an orthogonal issue and should be up to administrator > > policy. > > Yes, but if you are moving to a different algorithm to improve security, not > coupling it with an eventual expiration of non-migrated accounts gives a > false sense of security. Any admin worth his/her

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-03-03 Thread John Baldwin
On Friday, February 28, 2014 4:58:29 pm Eitan Adler wrote: > On 27 February 2014 20:14, Allan Jude wrote: > > With r262501 > > (http://svnweb.freebsd.org/base?view=revision&revision=262501) importing > > the upgraded bcrypt from OpenBSD and eventually changing the default > > identifier for bcrypt

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-02-28 Thread Eitan Adler
On 27 February 2014 20:14, Allan Jude wrote: > With r262501 > (http://svnweb.freebsd.org/base?view=revision&revision=262501) importing > the upgraded bcrypt from OpenBSD and eventually changing the default > identifier for bcrypt to $2b$ it reminded me of a feature that is often > seen in Forum so

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-02-28 Thread John Baldwin
On Friday, February 28, 2014 12:16:45 pm Allan Jude wrote: > On 2014-02-28 10:07, Nick Hibma wrote: > > > > On 28 Feb 2014, at 02:14, Allan Jude wrote: > > > >> With r262501 > >> (http://svnweb.freebsd.org/base?view=revision&revision=262501) importing > >> the upgraded bcrypt from OpenBSD and ev

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-02-28 Thread Allan Jude
On 2014-02-28 10:07, Nick Hibma wrote: > > On 28 Feb 2014, at 02:14, Allan Jude wrote: > >> With r262501 >> (http://svnweb.freebsd.org/base?view=revision&revision=262501) importing >> the upgraded bcrypt from OpenBSD and eventually changing the default >> identifier for bcrypt to $2b$ it reminde

Re: Feature Proposal: Transparent upgrade of crypt() algorithms

2014-02-28 Thread Nick Hibma
On 28 Feb 2014, at 02:14, Allan Jude wrote: > With r262501 > (http://svnweb.freebsd.org/base?view=revision&revision=262501) importing > the upgraded bcrypt from OpenBSD and eventually changing the default > identifier for bcrypt to $2b$ it reminded me of a feature that is often > seen in Forum s

Feature Proposal: Transparent upgrade of crypt() algorithms

2014-02-27 Thread Allan Jude
With r262501 (http://svnweb.freebsd.org/base?view=revision&revision=262501) importing the upgraded bcrypt from OpenBSD and eventually changing the default identifier for bcrypt to $2b$ it reminded me of a feature that is often seen in Forum software and other web apps. Transparent algorithm upgrad