I don't mind this if the eventual goal is to think about diddling with
it per arch..
I certainly do NOT want a 2^11 blowfish password when logging into my sparc
On 15 December 2010 21:33, Ted Unangst <ted.unangst@gmail.com> wrote:
quoted text > On Wed, 15 Dec 2010, Ted Unangst wrote:
>
>> These values have not marched forward with the progress of time. For
>> perspective, the last increase in bcrypt rounds was around the time we
>> considered Monica Lewinsky a big scandal.
>
> OK, so let's table what the right values and just make the values
> configurable. Then we can discuss moving up (or even down).
>
> Index: login.conf.in
> ===================================================================
> RCS file: /home/tedu/cvs/src/etc/login.conf.in,v
> retrieving revision 1.2
> diff -u -r1.2 login.conf.in
> --- login.conf.in 9 Jan 2007 10:20:12 -0000 1.2
> +++ login.conf.in 16 Dec 2010 04:28:42 -0000
> @@ -46,7 +46,7 @@
> :maxproc-cur=@DEF_MAXPROC_CUR@:\
> :openfiles-cur=@DEF_OPENFILES_CUR@:\
> :stacksize-cur=4M:\
> - :localcipher=blowfish,6:\
> + :localcipher=blowfish,@DEF_BLOWFISH_RNDS@:\
> :ypcipher=old:\
> :tc=auth-defaults:\
> :tc=auth-ftp-defaults:
> @@ -62,7 +62,7 @@
> :maxproc=infinity:\
> :openfiles-cur=128:\
> :stacksize-cur=8M:\
> - :localcipher=blowfish,8:\
> + :localcipher=blowfish,@ROOT_BLOWFISH_RNDS@:\
> :tc=default:
>
> #
> Index: mklogin.conf
> ===================================================================
> RCS file: /home/tedu/cvs/src/etc/mklogin.conf,v
> retrieving revision 1.4
> diff -u -r1.4 mklogin.conf
> --- mklogin.conf 24 Mar 2009 20:34:51 -0000 1.4
> +++ mklogin.conf 16 Dec 2010 04:30:28 -0000
> @@ -19,6 +19,8 @@
> values["STAFF_MAXPROC_MAX"]="512"
> values["STAFF_MAXPROC_CUR"]="128"
> values["STAFF_OPENFILES_CUR"]="128"
> + values["DEF_BLOWFISH_RNDS"]="6"
> + values["ROOT_BLOWFISH_RNDS"]="8"
>
> # Optional overrides
> if (ARGC > 1) {
