From owner-freebsd-questions@FreeBSD.ORG Sun Jun 24 23:06:25 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4C8451065675 for ; Sun, 24 Jun 2012 23:06:25 +0000 (UTC) (envelope-from mike@sentex.net) Received: from smarthost1.sentex.ca (smarthost1-6.sentex.ca [IPv6:2607:f3e0:0:1::12]) by mx1.freebsd.org (Postfix) with ESMTP id 0F1D18FC14 for ; Sun, 24 Jun 2012 23:06:24 +0000 (UTC) Received: from [192.168.43.26] (pyroxene.sentex.ca [199.212.134.18]) by smarthost1.sentex.ca (8.14.5/8.14.4) with ESMTP id q5ON6Ma1090013; Sun, 24 Jun 2012 19:06:22 -0400 (EDT) (envelope-from mike@sentex.net) Message-ID: <4FE79D5F.9020402@sentex.net> Date: Sun, 24 Jun 2012 19:06:07 -0400 From: Mike Tancsa Organization: Sentex Communications User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1 MIME-Version: 1.0 To: "Christopher J. Ruwe" References: <20120623153710.36e7446f@dijkstra.cruwe.de> In-Reply-To: <20120623153710.36e7446f@dijkstra.cruwe.de> X-Enigmail-Version: 1.4.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.72 on 64.7.153.18 Cc: freebsd-questions@freebsd.org Subject: Re: changing md5 hashed for sha X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Jun 2012 23:06:25 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 6/23/2012 9:37 AM, Christopher J. Ruwe wrote: > For setting the dafault hash used to hash /etc/master.passwd, it > has been recommended changing md5 for something more secure in the > sense of being more expensive to crack. > > The handbook describes the procedure used in > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/crypt.html. > > > Allegedly, hashes which were hashed with one of the sha-functions begin > with the character $6$. > > Afer having changed my /etc/login.conf accordingly and having > reset the passwords, the given there is not md5 anymore (I have > tried with md5), but does not begin with the character $6$, but, as > md5, with $1$, which is supposed to be md5-hashed. > > I fear I am a bit dense here, what am I getting wrong? Are you sure you ran cap_mkdb /etc/login.conf after adjusting the values in login.conf ? Also, this will only work on relatively recent versions of FreeBSD. ---Mike - -- - ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJP551fAAoJEJXHwM2kc8rXS34H/j+uxWq8Pa9j0iXpehObx2iY LeeCZx7YbSv9AwGVHy/gTRtYP1uStBNn79oKV0ANSyjOT3F7l1MuygfJAqfXIKDm WdN4KX2D3tpAjVMdce1zX2rSy4OtXLYXpBXTiGmP2d/erAEtE9B8gJ8GQWDh0gWz 14CkQyefcF2YvmepSj3+9P69EzjlEm6vDMPyY/nrMlJcT8+ujtZX325+kQzQiiFX FFasbqekazHCUnKGZZY9arY01AxPKg5e2PXFZPQf3qQy3jHqOupnM3ei3D39O9aV gqJ/k2XDPjZYqAIy0gyPi99q4fCueYQFQrm2tyeTkV6+OxM8kdD5czx/FvySiG8= =FVSP -----END PGP SIGNATURE-----