On Tue, Jun 06, 2017 at 09:16:08PM +0200, Michal Mazurek wrote:
> When talking about this with mulander@ it came out that the docs could
> use a touch.
> 
> The commit message for the diff that didn't update the docs was:
> 
>     permit "bcrypt" as an alias for "blowfish". this is, after all, what
>     99% of the world calls it.
>     allow just "bcrypt" without params to mean auto-tune ("bcrypt,a").
>     default remains 8 rounds (for now)
> 
> Comments? OK?
> 

the diff itself reads fine. one question:

> Index: lib/libc/crypt/crypt_checkpass.3
> ===================================================================
> RCS file: /cvs/src/lib/libc/crypt/crypt_checkpass.3,v
> retrieving revision 1.9
> diff -u -p -r1.9 crypt_checkpass.3
> --- lib/libc/crypt/crypt_checkpass.3  23 Jul 2015 22:20:02 -0000      1.9
> +++ lib/libc/crypt/crypt_checkpass.3  6 Jun 2017 19:06:59 -0000
> @@ -58,17 +58,29 @@ The provided
>  .Fa password
>  is randomly salted and hashed and stored in
>  .Fa hash .
> +.Fa hash
> +must already be allocated, and
> +.Fa hashsize
> +must contain its size, which cannot be less than 61 bytes.
>  The
>  .Fa pref
>  argument identifies the preferred hashing algorithm and parameters.
> +If set to
> +.Dv NULL
> +it defaults to 
> +.Dq bcrypt,8 .
>  Possible values are:
>  .Bl -tag -width Ds
> -.It Dq bcrypt,<rounds>
> +.It Dq bcrypt[,<rounds>]
>  The bcrypt algorithm, where the value of rounds can be between 4 and 31 and
>  specifies the base 2 logarithm of the number of rounds.
>  The special rounds value
>  .Sq a
>  automatically selects rounds based on system performance.
> +This is the default if rounds is omitted.

right now this man page suggests that people will use "bcrypt,a"
to "automatically suggest rounds based on system performance". is
that right? i'd have expected people to just use "bcrypt" (w/o
args). in fact, why have "a" at all? why not just have the default
as automatically selecting rounds, but you can optionally specify
an amount of rounds?

sorry, i know that's not really the main concern of your diff. it just
seems a bit weird, and that reflects in the way you're having to word
this.

jmc

> +.Dq blowfish
> +can be used as an alias for
> +.Dq bcrypt .
>  .El
>  .Sh RETURN VALUES
>  .Rv -std crypt_checkpass crypt_newhash
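
Review bot: The two "default" statements added to the pref paragraph conflict as worded: a NULL pref "defaults to" "bcrypt,8", while "This is the default if rounds is omitted" makes the auto-selected 'a' value the default for a bare "bcrypt". A reader cannot tell from this text that NULL and plain "bcrypt" yield different round counts. Suggest making the last sentence explicit, for example stating that "bcrypt" with no rounds is equivalent to "bcrypt,a", and noting beside the NULL case that it means a fixed 8 rounds rather than auto-tuning. The 61-byte minimum for hashsize is given without saying what it covers (the hash string plus its terminator), which would help callers size buffers. The added line "it defaults to " also carries trailing whitespace that should be dropped.
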
> @@ -89,7 +101,9 @@ to
>  .Er EINVAL
>  if
>  .Fa pref
> -is unsupported.
> +is unsupported, or the value of 
> +.Fa hashsize
> +is insufficient.
>  .Sh SEE ALSO
>  .Xr crypt 3 ,
>  .Xr login.conf 5 ,
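
Review bot: In the EINVAL sentence, "insufficient" is left undefined, so a reader who lands on the error description has to go back to the description of hashsize to learn the limit. Suggest tying it to the minimum stated in the earlier hunk, for example "is smaller than the required 61 bytes". The added line "is unsupported, or the value of " ends in trailing whitespace, which should be removed.
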
> 
> -- 
> Michal Mazurek
> 
