Re: Changing the default localcipher in passwd.conf to argon2id

To: Alistair Crooks <agc%pkgsrc.org@localhost>
Subject: Re: Changing the default localcipher in passwd.conf to argon2id
From: nia <nia%NetBSD.org@localhost>
Date: Tue, 2 Nov 2021 08:55:39 +0000

On Sun, Oct 31, 2021 at 04:45:59PM -0700, Alistair Crooks wrote:
> Or is the intent to discuss this in retrospect?

Is the concern primarily with it not being in a release?

I'm not really certain how I could address it, other than a prerequisite
waiting a few years. It's true that existing passwords won't be affected
until they're regenerated, and people who are updating etc with etcupdate
will get a prior warning that some configuration is changing. Updating
etc in any other way seems like it will get you nasty surprises
regardless :/

Something that now occurs to me is that the error feedback from passwd
is not good at all if an unspecified cipher is used:

Couldn't generate salt.
Unable to change auth token: Error in service module

but this may be down to limitations in the crypt interface.

References:
- Changing the default localcipher in passwd.conf to argon2id
  - From: nia
- Re: Changing the default localcipher in passwd.conf to argon2id
  - From: Alistair Crooks
- Re: Changing the default localcipher in passwd.conf to argon2id
  - From: Alistair Crooks

Prev by Date: Re: Changing the default localcipher in passwd.conf to argon2id
Next by Date: Re: Changing the default localcipher in passwd.conf to argon2id
Previous by Thread: Re: Changing the default localcipher in passwd.conf to argon2id
Next by Thread: Re: Changing the default localcipher in passwd.conf to argon2id
Indexes:

Home | Main Index | Thread Index | Old Index