Re: weird crypt-sha* in DragonFly BSD

["Samuel J. Greear" <sjg () thesjg com>]

> 2. Instead of:
> > + * The deprecated sha256/512 functions are somehow sensitive to the
> > + * order of this crypt_types array as well as their respective "name"
> > members.
> > + *
> > + * In order to ensure that both existing passwords will continue to work
> > and
> > + * that new passwords will be more secure by using the new algorithms
> > even
> > + * without updating the existing login.conf, this array is now scanned
> > + * backwards. This could be reverted in the future when the deprecated
> > SHA
> > + * functionality is removed.
> >
> > how about using the more reliable approach proposed by magnum here? -
> >
> > http://www.openwall.com/lists/john-dev/2012/01/19/1
> >
> > As you can see, he has even spent time to identify the specific 64-bit
> > magic values.  Of course, you'll need to double-check them (such as by
> > applying the patch and testing logins to existing accounts with both
> > sha256 and sha512 on a 64-bit DragonFly system.)
> There isn't a collision issue with $3$ and $4$ on DragonFly, so I don't
> see any obvious need. I intend to rip the old code out after a few
> releases, so the issue (if there is one) will be (relatively) short lived.

We just realized that we obviously need to do this.

Thanks again,
Sam