|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Dag-Erling Smørgrav (des
des.no)
Date: Mon Feb 01 2010 - 07:25:50 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dan Lukes <danobluda.cz> writes:
> Mike Andrews <mandrewsbit0.com> writes:
> > There is probably a login.conf knob to raise the default number of
> > rounds beyond 2^4.
> No. The standard way of password change flow trough pam_unix.c.
>
> It call crypt(new_pass, salt) where salt is pseudo-random sequence. As
> such salt doesn't start with a magic, the default algorithm is
> selected. If it si blowfish, then crypt_blowfish(key, salt) is called.
Mike is mostly right and you are mostly wrong. The default algorithm is
indeed controlled by login.conf and auth.conf, although there is no way
to specify the number of rounds.
DES
--
Dag-Erling Smørgrav - desdes.no
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]