Date: Fri, 08 Jun 2012 14:51:55 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: freebsd-security@freebsd.org Subject: Default password hash Message-ID: <86r4tqotjo.fsf@ds4.des.no>
next in thread | raw e-mail | index | archive | help
We still have MD5 as our default password hash, even though known-hash
attacks against MD5 are relatively easy these days. We've supported
SHA256 and SHA512 for many years now, so how about making SHA512 the
default instead of MD5, like on most Linux distributions?
Index: etc/login.conf
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- etc/login.conf (revision 236616)
+++ etc/login.conf (working copy)
@@ -23,7 +23,7 @@
# AND SEMANTICS'' section of getcap(3) for more escape sequences).
default:\
- :passwd_format=3Dmd5:\
+ :passwd_format=3Dsha512:\
:copyright=3D/etc/COPYRIGHT:\
:welcome=3D/etc/motd:\
:setenv=3DMAIL=3D/var/mail/$,BLOCKSIZE=3DK,FTP_PASSIVE_MODE=3DYES:\
DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86r4tqotjo.fsf>