Subject: Re: /etc/passwd.conf
To: NetBSD Security Technical Discussion List <tech-security@NetBSD.ORG>
From: David Maxwell <david@crlf.net>
List: tech-security
Date: 08/05/2003 22:35:47

On Tue, Aug 05, 2003 at 08:45:50PM -0400, Greg A. Woods wrote:
> [ On Wednesday, August 6, 2003 at 08:06:30 (+0900), itojun@iijlab.net wrote: ]
> > Subject: Re: /etc/passwd.conf 
> >
> > 	please read this.
> > 	http://www.usenix.org/events/usenix99/provos/provos_html/
> > 	Niels Provos and David Mazières, "A Future-Adaptable Password Scheme",
> > 	1999 USENIX Annual Technical Conference
> 
> Before you go about worrying about making the password hash function
> more secure you've got to make sure your users cannot choose easily
> guessed passwords in the first place:
> 
> 	http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=10206
> 
> I have this code updated and almost integrated into the netbsd-1-6
> branch, though I'm hoping to make the host-build part of it properly
> endian-independent before I re-publish the patch.

I was reviewing that one several months ago, and intended to focus on it
and get it done. I got sidetracked.

However, be sure to send me a note when you've updated it for 1-6. This
is a good change to make.

-- 
David Maxwell, david@vex.net|david@maxwell.net --> The only difference I see
between voodoo and marketing research is that voodoo sometimes works! 
						- Leonard Stern