On 2020/05/22 17:06, Daniel Jakots wrote: > Hi, > > We used to have different numbers of blowfish rounds between the > default and daemon classes in login.conf. On Jun 26, 2016, tedu > committed "upgrade selected login.conf to use auto rounds for bcrypt" > for amd64, sparc64, i386, and maccpc [1]. > > Since the class daemon inherits from the default class, the > :localcipher=blowfish,a:\ > is a duplicate. > > Here's a diff to remove them.
I'm OK with unifying these settings, but FWIW I never switched to auto for these, it doesn't seem all that sensible for somebody with the ability to generate enough load on the machine to be able to reduce the strength of bcrypt down to the 64 (2^6) rounds minimum.
