On Mon, May 13, 2013 at 08:24:43PM +0100, Stuart Henderson wrote:
> On 2013/05/13 18:35, Mark Lumsden wrote:
> > Shouldn't the default rounds for blowfish in adduser.perl be the same
> > as login.conf? ok?
> >
> > mark
> >
> > Index: adduser.perl
> > ===================================================================
> > RCS file: /cvs/src/usr.sbin/adduser/adduser.perl,v
> > retrieving revision 1.58
> > diff -u -p -u -p -r1.58 adduser.perl
> > --- adduser.perl 22 Sep 2011 10:59:23 -0000 1.58
> > +++ adduser.perl 12 May 2013 20:09:47 -0000
> > @@ -973,12 +973,12 @@ sub salt {
> > $salt = "";
> > } elsif ($encryptionmethod =~ /^blowfish/ ) {
> > ($encryptionmethod, $salt) = split(/\,/, $encryptionmethod);
> > - $salt = 7 unless $salt; # default rounds if unspecified
> > + $salt = 6 unless $salt; # default rounds if unspecified
> > } else {
> > warn "$encryptionmethod encryption method invalid\n" if ($verbose
> > > 0);
> > - warn "Falling back to blowfish,7...\n" if ($verbose > 0);
> > + warn "Falling back to blowfish,6...\n" if ($verbose > 0);
> > $encryptionmethod = "blowfish";
> > - $salt = 7;
> > + $salt = 6;
> > }
> >
> > warn "Salt is: $salt\n" if $verbose > 1;
> >
>
> The default number of rounds in login.conf was set to 6 in 2001 when the
> 1.4GHz p3 xeon was a pretty decent cpu - this number needs to go up, not down.
>
I agree. tedu suggest 9 for the number of user rounds and 11 for
root back in 2010. Are these numbers reasonable on most archs?
