Re: Which password cipher ?

["Pouya D. Tafti" <pouya%san-serriffe.org@localhost>]

On 1 December 2010 14:07, Julio Merino <jmmv84%gmail.com@localhost> wrote:
> On 12/1/10 11:49 AM, Steven Bellovin wrote:
>>
>> On Dec 1, 2010, at 6:14 05AM, Julio Merino wrote:
>>
>>> On 12/1/10 10:59 AM, Robert Elz wrote:
>>>>
>>>> Â Â Date: Â Â Â ÂWed, 1 Dec 2010 09:42:17 +0000
>>>> Â Â From: Â Â Â ÂJulio Merino<jmmv%NetBSD.org@localhost>
>>>>
>>>> Message-ID:<AANLkTimY1WcUrXgdObPZzi_jv2ysKV+9esJ46s5CXn=e%mail.gmail.com@localhost>
>>>>
>>>> Â | Which makes me wonder... why do we even *ask* people to choose a
>>>> Â | cypher algorithm during install? ÂCouldn't we, as the developers of
>>>> Â | the system, make a good choice for our users (and let them change it
>>>> Â | after installation if they so wish, just as they can with everything
>>>> Â | else)? Â(It just feels stupid that we have a question in sysinst for
>>>> Â | something as trivial as this but we don't have a way to select, e.g.
>>>> Â | which services to enable.)
>>>>
>>>> It is (of course) because we really want sysinst to encourage setting a
>>>> root password, and we need to know which cipher to use to set that one
>>>> with,
>>>> before it is set. Â Nothing sysinst does inhibits in any way enabling
>>>> the various services, but setting a root password with the "wrong"
>>>> cipher
>>>> would be annoying.
>>>
>>> "Of course". ÂBut really, who cares? ÂWhy would you ever have to think
>>> about what cypher algorithm to use, *specially* during installation? ÂAnd if
>>> you want to change it at all after install, you should know how to and,
>>> therefore, you should know what implications that has and how to deal with
>>> them.
>>
>> The simple answer is password file compatibility -- other systems accept
>> the older formats. ÂOver the years, I've seen many instances where someone
>> will say "send me your passwd file line". ÂDES is the most compatible; the
>> Blowfish and md5 methods are used by other open source systems; the
>> HMAC-SHA1 scheme was developed for NetBSD and doesn't exist elsewhere unless
>> they've picked up our code.
>
> I understand that having the ability to change the cypher algorithm can be
> handy (I'm not arguing otherwise). ÂBut that doesn't mean such a tunable
> needs to be available during the installation procedure.
>
> Anyway, thanks for the explanation.

How about simply adding the word "(recommended)" to the recommended
cypher algorithm?  I'm suggesting this because then users like me with
no substantial familiarity with the different cypher algorithms and
the implications of choosing each can go with the recommendation, and
those who know what they are doing will have the possibility of
fine-tuning the cypher during installation for whatever reason
(compatibility etc.).

Otherwise, sysinst could perhaps provide some additional information
about the consequences of choosing a particular cypher for
compatibility/security/etc. (maybe also including a partial list of
what is the preferred scheme on some popular systems).

Pardon my naivety, but how difficult is it to convert from one cypher
algorithm to another post installation?

Pouya