Grex > Garage > #27: Proposal: Eliminate grex's custom password hash.
| Author |
Message |
| 22 new of 82 responses total. |
tod
|
|
response 61 of 82:
|
Oct 7 21:04 UTC 2006 |
re #59
The light rail is on track but I know what you mean if you're referring to
the viaduct.
|
spooked
|
|
response 62 of 82:
|
Oct 7 22:24 UTC 2006 |
I was about to laugh... but, then I realised this is really quite sad
cause it could not be more true.
|
gull
|
|
response 63 of 82:
|
Oct 8 07:25 UTC 2006 |
Re resp:61: The viaduct, the 520 bridge, the monorail...take your pick.
|
tod
|
|
response 64 of 82:
|
Oct 8 16:29 UTC 2006 |
Too true
Now if only the Army Corps of Engineers would step up to replace the Viaduct
since they originally made it and if Nicholls and the Seattle circus would
keep their noses out of roadway decisions then...
Monorail should be strictly a mayor's call, imo
|
cross
|
|
response 65 of 82:
|
Oct 20 01:21 UTC 2006 |
An interesting discussion with Solar Designer, the author of the ``John the
Ripper'' software cracker. He discusses password security and the OpenBSD
bcrypt algorithm.
http://www.securityfocus.com/columnists/388/2
|
cross
|
|
response 66 of 82:
|
Oct 20 13:36 UTC 2006 |
As I read over my responses, I'm amazed by the number of typos I make.
|
cross
|
|
response 67 of 82:
|
Oct 20 13:39 UTC 2006 |
Btw- as an experiment, I grafted support for grexhash into John the Ripper.
It was pretty easy; it took about an hour.
Also, regarding OpenBSD upgrades: OpenBSD only supports upgrades between
consecutive releases; grex is running OpenBSD 3.8 now. To do a supported
upgrade, it would have to upgrade to OpenBSD 3.9 and then to 4.0.
I don't think skipping releases is a particularly good idea.
|
cross
|
|
response 68 of 82:
|
Oct 23 03:30 UTC 2006 |
So this was proposed over a month ago, and serious discussion stopped about
that long ago. What's the deal?
|
naftee
|
|
response 69 of 82:
|
Oct 24 02:07 UTC 2006 |
that's GreX for you :(
|
cross
|
|
response 70 of 82:
|
Oct 24 02:34 UTC 2006 |
Yeah, it is. Sad.
|
null
|
|
response 71 of 82:
|
Mar 11 09:08 UTC 2007 |
*sings* Time keeps on slippin... into the future....
|
cross
|
|
response 72 of 82:
|
May 13 03:04 UTC 2007 |
I implemented this about a month ago. We now have the majority of grex users
using bcrypt'ed passwords.
|
cross
|
|
response 73 of 82:
|
Jul 1 04:28 UTC 2007 |
As of right now, all but 15 or so users are using bcrypt'ed passwords. Had
we plugged this in back in September, it would be down to three or four.
|
jared
|
|
response 74 of 82:
|
Jul 1 15:41 UTC 2007 |
yup, made me log in :-P
|
cross
|
|
response 75 of 82:
|
Jul 1 17:25 UTC 2007 |
Welcome back! :-)
|
cross
|
|
response 76 of 82:
|
Jul 3 02:33 UTC 2007 |
We're down to exactly one user using the grexhash system. If we can
get that user to log in, we can safely eliminate the custom hashing code
in the coming upgrade.
|
gull
|
|
response 77 of 82:
|
Aug 22 17:08 UTC 2007 |
That might be me. I just tried to change mine, but it won't let me. I
get 'passwd: Permission denied.'
|
cross
|
|
response 78 of 82:
|
Aug 22 18:11 UTC 2007 |
No, it's not you, but the problem with changing your password is almost
certainly that you have a custom PATH that doesn't include /suid/bin before
/usr/bin.
|
gull
|
|
response 79 of 82:
|
Aug 22 19:04 UTC 2007 |
Looks like the problem is my path includes /usr/local/bin before
/suid/bin. I'm not sure how that's happening. I don't set PATH in my
.profile.
|
cross
|
|
response 80 of 82:
|
Aug 22 20:58 UTC 2007 |
Hmm; that's actually right.
|
cross
|
|
response 81 of 82:
|
Aug 22 21:00 UTC 2007 |
Okay, there's a wrapper script in /usr/local/bin that had the path to the real
password changing utility incorrect. I have corrected it.
|
cross
|
|
response 82 of 82:
|
May 16 03:13 UTC 2017 |
Well, nearly ten years have passed and much has changed. OpenBSD has
been upgraded to version 6.1, and SHA-1 has been broken. Good thing we
changed to bcrypt!
|