From owner-freebsd-security@FreeBSD.ORG Fri Jun 8 12:51:57 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3B8C9106566B for ; Fri, 8 Jun 2012 12:51:57 +0000 (UTC) (envelope-from des@des.no) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id F2C468FC19 for ; Fri, 8 Jun 2012 12:51:56 +0000 (UTC) Received: from ds4.des.no (smtp.des.no [194.63.250.102]) by smtp.des.no (Postfix) with ESMTP id 13B786D5A for ; Fri, 8 Jun 2012 12:51:56 +0000 (UTC) Received: by ds4.des.no (Postfix, from userid 1001) id D3E339C18; Fri, 8 Jun 2012 14:51:55 +0200 (CEST) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: freebsd-security@freebsd.org Date: Fri, 08 Jun 2012 14:51:55 +0200 Message-ID: <86r4tqotjo.fsf@ds4.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jun 2012 12:51:57 -0000 We still have MD5 as our default password hash, even though known-hash attacks against MD5 are relatively easy these days. We've supported SHA256 and SHA512 for many years now, so how about making SHA512 the default instead of MD5, like on most Linux distributions? Index: etc/login.conf =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- etc/login.conf (revision 236616) +++ etc/login.conf (working copy) @@ -23,7 +23,7 @@ # AND SEMANTICS'' section of getcap(3) for more escape sequences). default:\ - :passwd_format=3Dmd5:\ + :passwd_format=3Dsha512:\ :copyright=3D/etc/COPYRIGHT:\ :welcome=3D/etc/motd:\ :setenv=3DMAIL=3D/var/mail/$,BLOCKSIZE=3DK,FTP_PASSIVE_MODE=3DYES:\ DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no From owner-freebsd-security@FreeBSD.ORG Fri Jun 8 13:06:44 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 29816106566C for ; Fri, 8 Jun 2012 13:06:44 +0000 (UTC) (envelope-from max@mxcrypt.com) Received: from mail-qc0-f182.google.com (mail-qc0-f182.google.com [209.85.216.182]) by mx1.freebsd.org (Postfix) with ESMTP id D2B8C8FC17 for ; Fri, 8 Jun 2012 13:06:43 +0000 (UTC) Received: by qcsg15 with SMTP id g15so1002277qcs.13 for ; Fri, 08 Jun 2012 06:06:42 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding:x-gm-message-state; bh=rNLYeeUrpagPcXbLKKhE1z2mHMXTdp8PgkJRNmZitsk=; b=IIeYIM3bbbFzYRqPHbBh4muyEh78ilCmyrGu8wue35yVP8ltktrTbPEI8MLpVwr7Ca sa34ZVWXgD1tVHpoGBgoOTOTefhWfU/mQ4s0UaF8M45fqDhubozBJQTZDEcwnL6MZi5B HNACopbUZsi3NFMOPfibRDeKh4lQAVzF5USzJRuIDhwhWK7yhC/Vaw7XD5r76PIDSrV5 WBWdH/rV7FYOmDeFWsnDwplOg5YnnRzj0odsEFOGonzX/tCHuOfOZuLanxD09f7xbm+m LZ4M6FzAWw0N3D43ziFPFbNewVq8s3pEuvqq9ejCNy/7LoZT64O4W7KrD5tpo90OEl+n I+rw== Received: by 10.229.137.15 with SMTP id u15mr1865677qct.113.1339160802255; Fri, 08 Jun 2012 06:06:42 -0700 (PDT) MIME-Version: 1.0 Received: by 10.229.109.137 with HTTP; Fri, 8 Jun 2012 06:06:12 -0700 (PDT) In-Reply-To: <86r4tqotjo.fsf@ds4.des.no> References: <86r4tqotjo.fsf@ds4.des.no> From: Maxim Khitrov Date: Fri, 8 Jun 2012 09:06:12 -0400 Message-ID: To: =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Gm-Message-State: ALoCoQmOPXs1uYqokmRMYw0UVpT7K+qQf/X8+ZDH/dluM2hhcQbhlakr8L9YY2f1w+27VaCMbTXx Cc: freebsd-security@freebsd.org Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jun 2012 13:06:44 -0000 On Fri, Jun 8, 2012 at 8:51 AM, Dag-Erling Sm=C3=B8rgrav wrote= : > We still have MD5 as our default password hash, even though known-hash > attacks against MD5 are relatively easy these days. =C2=A0We've supported > SHA256 and SHA512 for many years now, so how about making SHA512 the > default instead of MD5, like on most Linux distributions? If SHA-2 hashes have been supported for many years, why haven't the man pages been updated? login.conf(5) on 9.0-RELEASE still only lists "des", "md5", and "blf". I've been using the latter on my systems. - Max From owner-freebsd-security@FreeBSD.ORG Fri Jun 8 14:48:53 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DCAB51065672 for ; Fri, 8 Jun 2012 14:48:53 +0000 (UTC) (envelope-from ohartman@zedat.fu-berlin.de) Received: from outpost1.zedat.fu-berlin.de (outpost1.zedat.fu-berlin.de [130.133.4.66]) by mx1.freebsd.org (Postfix) with ESMTP id 9604C8FC1C for ; Fri, 8 Jun 2012 14:48:53 +0000 (UTC) Received: from inpost2.zedat.fu-berlin.de ([130.133.4.69]) by outpost1.zedat.fu-berlin.de (Exim 4.69) for freebsd-security@freebsd.org with esmtp (envelope-from ) id <1Sd0UY-00086D-Ts>; Fri, 08 Jun 2012 16:48:46 +0200 Received: from munin.geoinf.fu-berlin.de ([130.133.86.110]) by inpost2.zedat.fu-berlin.de (Exim 4.69) for freebsd-security@freebsd.org with esmtpsa (envelope-from ) id <1Sd0UY-0003h7-RU>; Fri, 08 Jun 2012 16:48:46 +0200 Message-ID: <4FD210CB.6030000@zedat.fu-berlin.de> Date: Fri, 08 Jun 2012 16:48:43 +0200 From: "Hartmann, O." Organization: FU Berlin User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:12.0) Gecko/20120602 Thunderbird/12.0.1 MIME-Version: 1.0 To: freebsd-security@freebsd.org References: <86r4tqotjo.fsf@ds4.des.no> In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Originating-IP: 130.133.86.110 Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jun 2012 14:48:53 -0000 On 06/08/12 15:06, Maxim Khitrov wrote: > On Fri, Jun 8, 2012 at 8:51 AM, Dag-Erling Smørgrav wrote: >> We still have MD5 as our default password hash, even though known-hash >> attacks against MD5 are relatively easy these days. We've supported >> SHA256 and SHA512 for many years now, so how about making SHA512 the >> default instead of MD5, like on most Linux distributions? > > If SHA-2 hashes have been supported for many years, why haven't the > man pages been updated? login.conf(5) on 9.0-RELEASE still only lists > "des", "md5", and "blf". I've been using the latter on my systems. > > - Max > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" I asked similar things once: http://lists.freebsd.org/pipermail/freebsd-security/2009-January/005072.html I use "blf" since then. I hear the first time FreeBSD is supporting SHA256 and SHA512. Oliver From owner-freebsd-security@FreeBSD.ORG Fri Jun 8 15:04:21 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5CD89106566B for ; Fri, 8 Jun 2012 15:04:21 +0000 (UTC) (envelope-from feld@feld.me) Received: from feld.me (unknown [IPv6:2607:f4e0:100:300::2]) by mx1.freebsd.org (Postfix) with ESMTP id 238148FC16 for ; Fri, 8 Jun 2012 15:04:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=feld.me; s=blargle; h=In-Reply-To:Message-Id:From:Content-Transfer-Encoding:Mime-Version:Cc:Date:References:Subject:To:Content-Type; bh=8Z/xUWYnhSYz7N+p3pg7zX+EJygA0w1RiMTpA1Kl4Bc=; b=FY7RZbvB65xkR5ruotmroZQf6bX85drI0ugdAfrsRpYF/zXOVJvUhSp1gmOt4njlJoPShqIDr+CccHWwjs3QPU1wsfeBtZCak4xpqvUFGDB0VRBREKD6z8aaBzlVPH1n; Received: from localhost ([127.0.0.1] helo=mwi1.coffeenet.org) by feld.me with esmtp (Exim 4.77 (FreeBSD)) (envelope-from ) id 1Sd0jb-000F5z-Eh; Fri, 08 Jun 2012 10:04:20 -0500 Received: from feld@feld.me by mwi1.coffeenet.org (Archiveopteryx 3.1.4) with esmtpa id 1339167853-26372-26371/5/60; Fri, 8 Jun 2012 15:04:13 +0000 Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes To: freebsd-security@freebsd.org References: <86r4tqotjo.fsf@ds4.des.no> Date: Fri, 8 Jun 2012 10:04:12 -0500 Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Mark Felder Message-Id: In-Reply-To: <86r4tqotjo.fsf@ds4.des.no> User-Agent: Opera Mail/11.64 (FreeBSD) X-SA-Score: -1.5 Cc: Dag-Erling =?ISO-8859-1?q?Sm=F8rgrav?= Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jun 2012 15:04:21 -0000 On Fri, 08 Jun 2012 07:51:55 -0500, Dag-Erling Sm=C3=B8rgrav = wrote: > We still have MD5 as our default password hash, even though known-hash > attacks against MD5 are relatively easy these days. We've supported > SHA256 and SHA512 for many years now, so how about making SHA512 the > default instead of MD5, like on most Linux distributions? > > Index: etc/login.conf > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- etc/login.conf (revision 236616) > +++ etc/login.conf (working copy) > @@ -23,7 +23,7 @@ > # AND SEMANTICS'' section of getcap(3) for more escape sequences). > > default:\ > - :passwd_format=3Dmd5:\ > + :passwd_format=3Dsha512:\ > :copyright=3D/etc/COPYRIGHT:\ > :welcome=3D/etc/motd:\ > :setenv=3DMAIL=3D/var/mail/$,BLOCKSIZE=3DK,FTP_PASSIVE_MODE=3DY= ES:\ > > DES I strongly support this -- using either SHA-2 or Blowfish would be a = great =20 step forward. You'll also want to change the defuault for auth.conf so =20 adduser picks it up. # # $FreeBSD: releng/9.0/etc/auth.conf 118103 2003-07-28 02:28:51Z rwatson = $ # # Configure some authentication-related defaults. This file is being # gradually subsumed by user class and PAM configuration. # # crypt_default =3D md5 des From owner-freebsd-security@FreeBSD.ORG Fri Jun 8 13:00:32 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7D7FF106566B for ; Fri, 8 Jun 2012 13:00:32 +0000 (UTC) (envelope-from lars@e-new.0x20.net) Received: from mail.0x20.net (mail.0x20.net [217.69.76.211]) by mx1.freebsd.org (Postfix) with ESMTP id 2DDE08FC1D for ; Fri, 8 Jun 2012 13:00:31 +0000 (UTC) Received: from mail.0x20.net (mail.0x20.net [217.69.76.211]) by mail.0x20.net (Postfix) with ESMTP id 2FE256A601C for ; Fri, 8 Jun 2012 15:00:31 +0200 (CEST) X-Virus-Scanned: amavisd-new at mail.0x20.net Received: from mail.0x20.net ([217.69.76.211]) by mail.0x20.net (mail.0x20.net [217.69.76.211]) (amavisd-new, port 10024) with ESMTP id Px8tP-sxW71J for ; Fri, 8 Jun 2012 15:00:31 +0200 (CEST) Received: from e-new.0x20.net (mail.0x20.net [IPv6:2001:aa8:fffb:1::3]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.0x20.net (Postfix) with ESMTPS id DDCF46A6006 for ; Fri, 8 Jun 2012 15:00:30 +0200 (CEST) Received: from e-new.0x20.net (localhost [127.0.0.1]) by e-new.0x20.net (8.14.5/8.14.5) with ESMTP id q58D0UFH019228 for ; Fri, 8 Jun 2012 15:00:30 +0200 (CEST) (envelope-from lars@e-new.0x20.net) Received: (from lars@localhost) by e-new.0x20.net (8.14.5/8.14.5/Submit) id q58D0Up2017988 for freebsd-security@freebsd.org; Fri, 8 Jun 2012 15:00:30 +0200 (CEST) (envelope-from lars) Date: Fri, 8 Jun 2012 15:00:30 +0200 From: Lars Engels To: freebsd-security@freebsd.org Message-ID: <20120608130030.GI5592@e-new.0x20.net> References: <86r4tqotjo.fsf@ds4.des.no> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="RxUQJxD9bT7Ys92M" Content-Disposition: inline In-Reply-To: <86r4tqotjo.fsf@ds4.des.no> X-Editor: VIM - Vi IMproved 7.3 X-Operation-System: FreeBSD 8.3-RELEASE-p2 User-Agent: Mutt/1.5.21 (2010-09-15) X-Mailman-Approved-At: Fri, 08 Jun 2012 15:19:04 +0000 Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jun 2012 13:00:32 -0000 --RxUQJxD9bT7Ys92M Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jun 08, 2012 at 02:51:55PM +0200, Dag-Erling Sm=C3=B8rgrav wrote: > We still have MD5 as our default password hash, even though known-hash > attacks against MD5 are relatively easy these days. We've supported > SHA256 and SHA512 for many years now, so how about making SHA512 the > default instead of MD5, like on most Linux distributions? >=20 > Index: etc/login.conf > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- etc/login.conf (revision 236616) > +++ etc/login.conf (working copy) > @@ -23,7 +23,7 @@ > # AND SEMANTICS'' section of getcap(3) for more escape sequences). >=20 > default:\ > - :passwd_format=3Dmd5:\ > + :passwd_format=3Dsha512:\ > :copyright=3D/etc/COPYRIGHT:\ > :welcome=3D/etc/motd:\ > :setenv=3DMAIL=3D/var/mail/$,BLOCKSIZE=3DK,FTP_PASSIVE_MODE=3DYES= :\ >=20 +1 --RxUQJxD9bT7Ys92M Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAk/R924ACgkQKc512sD3afiqJACfflg3ODaEBe71+X4LS46fkzz+ gdMAn3hEL8Hb7Q30pviOjtJqPmjqEaaA =OxAF -----END PGP SIGNATURE----- --RxUQJxD9bT7Ys92M-- From owner-freebsd-security@FreeBSD.ORG Fri Jun 8 16:47:14 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2983B1065675 for ; Fri, 8 Jun 2012 16:47:14 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-ey0-f182.google.com (mail-ey0-f182.google.com [209.85.215.182]) by mx1.freebsd.org (Postfix) with ESMTP id A895B8FC1C for ; Fri, 8 Jun 2012 16:47:13 +0000 (UTC) Received: by eaac13 with SMTP id c13so1492024eaa.13 for ; Fri, 08 Jun 2012 09:47:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; bh=DL/L5Bs/bLZ+pObPyRRwNF2huMYFWobn2z5JgyPu8SI=; b=hTSaJZV1+393+N2MxRbWvzRuFZ50DpwhDoEtiRDqXqM/v86wSVXoL8XRZ568MBNQ5N Il4iWEfc5f8hThdEd0VpjuB8qWmkiEb3EzawkvIY4nGrHNEnbZjG5jAoO6X7+W2ZD72y woYZalypPrfs8cSPS597WrCh15KAdOe9RBzrkgjHnzaAosrTuPIP/FcTJy6FK/j1DpbZ RgVr//uabfoEifQSxNGY4EiaDHzyrubckwEU2SFDqI+/7ZAU/rslF9f30E3kgqwmifPr Q2/7tHS5Nwq0VShoGF5krdBI7SKwugfilUSJGojVNmktZ/tyrpK7Ib0Fne6sK+mFGWMB sMhg== Received: by 10.14.47.3 with SMTP id s3mr4206304eeb.127.1339174032542; Fri, 08 Jun 2012 09:47:12 -0700 (PDT) Received: from gumby.homeunix.com (87-194-105-247.bethere.co.uk. [87.194.105.247]) by mx.google.com with ESMTPS id c51sm24103844eei.12.2012.06.08.09.47.10 (version=SSLv3 cipher=OTHER); Fri, 08 Jun 2012 09:47:10 -0700 (PDT) Date: Fri, 8 Jun 2012 17:47:08 +0100 From: RW To: freebsd-security@freebsd.org Message-ID: <20120608174708.65bc90db@gumby.homeunix.com> In-Reply-To: <86r4tqotjo.fsf@ds4.des.no> References: <86r4tqotjo.fsf@ds4.des.no> X-Mailer: Claws Mail 3.8.0 (GTK+ 2.24.6; amd64-portbld-freebsd8.3) Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jun 2012 16:47:14 -0000 On Fri, 08 Jun 2012 14:51:55 +0200 Dag-Erling Sm=F8rgrav wrote: > We still have MD5 as our default password hash, even though known-hash > attacks against MD5 are relatively easy these days. =20 Are any of those attacks relevant to salted passwords even with a single MD5 hash, let alone FreeBSD's complicated iterative algorithm?=20 =20 > We've supported SHA256 and SHA512 for many years now, so how about > making SHA512 the default instead of MD5, like on most Linux > distributions? I think the most important consideration is which is most resistant to brute force dictionary attack with GPUs. From a quick look at the code SHA512 looks to have 5000 rounds compared to MD5's 1000, but it's not so easy to compare with Blowfish.=20 From owner-freebsd-security@FreeBSD.ORG Fri Jun 8 17:28:58 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D38081065670 for ; Fri, 8 Jun 2012 17:28:58 +0000 (UTC) (envelope-from ruud@stack.nl) Received: from mx1.stack.nl (relay02.stack.nl [IPv6:2001:610:1108:5010::104]) by mx1.freebsd.org (Postfix) with ESMTP id 6C8298FC18 for ; Fri, 8 Jun 2012 17:28:58 +0000 (UTC) Received: from hammer.stack.nl (hammer.stack.nl [IPv6:2001:610:1108:5010::153]) by mx1.stack.nl (Postfix) with ESMTP id 33B713592FD; Fri, 8 Jun 2012 19:28:57 +0200 (CEST) Received: by hammer.stack.nl (Postfix, from userid 1965) id 27AC660EB; Fri, 8 Jun 2012 19:28:57 +0200 (CEST) Date: Fri, 8 Jun 2012 19:28:57 +0200 From: Ruud Althuizen To: RW Message-ID: <20120608172857.GE2410@stack.nl> References: <86r4tqotjo.fsf@ds4.des.no> <20120608174708.65bc90db@gumby.homeunix.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="lMM8JwqTlfDpEaS6" Content-Disposition: inline In-Reply-To: <20120608174708.65bc90db@gumby.homeunix.com> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-security@freebsd.org Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Ruud Althuizen List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jun 2012 17:28:58 -0000 --lMM8JwqTlfDpEaS6 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri 08 Jun 2012 05:47 PM, RW wrote: > On Fri, 08 Jun 2012 14:51:55 +0200 > Dag-Erling Sm=C3=B8rgrav wrote: >=20 > > We still have MD5 as our default password hash, even though known-hash > > attacks against MD5 are relatively easy these days. =20 >=20 > Are any of those attacks relevant to salted passwords even with a > single MD5 hash, let alone FreeBSD's complicated iterative algorithm?=20 Complication isn't your friend when considering cryptography. --=20 With kind regards, Ruud Althuizen --lMM8JwqTlfDpEaS6 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (FreeBSD) iEYEARECAAYFAk/SNlkACgkQkqncCMFskRU+NgCfXMQOI9o3edJJDVEeqQQB3qQT OJsAoIMswOLjYAWVS5XKEs2Sci5iB7AJ =fysR -----END PGP SIGNATURE----- --lMM8JwqTlfDpEaS6-- From owner-freebsd-security@FreeBSD.ORG Fri Jun 8 17:35:00 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 25B881065670 for ; Fri, 8 Jun 2012 17:35:00 +0000 (UTC) (envelope-from phk@phk.freebsd.dk) Received: from phk.freebsd.dk (phk.freebsd.dk [130.225.244.222]) by mx1.freebsd.org (Postfix) with ESMTP id D51058FC0C for ; Fri, 8 Jun 2012 17:34:59 +0000 (UTC) Received: from critter.freebsd.dk (critter-phk.freebsd.dk [192.168.48.2]) by phk.freebsd.dk (Postfix) with ESMTP id C1CBB13E59; Fri, 8 Jun 2012 17:34:58 +0000 (UTC) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.14.5/8.14.5) with ESMTP id q58HYw78001652; Fri, 8 Jun 2012 17:34:58 GMT (envelope-from phk@phk.freebsd.dk) To: Ruud Althuizen From: "Poul-Henning Kamp" In-Reply-To: Your message of "Fri, 08 Jun 2012 19:28:57 +0200." <20120608172857.GE2410@stack.nl> Content-Type: text/plain; charset=ISO-8859-1 Date: Fri, 08 Jun 2012 17:34:58 +0000 Message-ID: <1651.1339176898@critter.freebsd.dk> Cc: freebsd-security@freebsd.org, RW Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jun 2012 17:35:00 -0000 In message <20120608172857.GE2410@stack.nl>, Ruud Althuizen writes: >Complication isn't your friend when considering cryptography. Sorry, it's a one way relationship, and its the other way around: If it is cryptography, it is complicated. But it can be complicated without being cryptography. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. From owner-freebsd-security@FreeBSD.ORG Fri Jun 8 21:34:15 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EAE5E106564A for ; Fri, 8 Jun 2012 21:34:15 +0000 (UTC) (envelope-from brett@lariat.org) Received: from lariat.net (lariat.net [66.62.230.51]) by mx1.freebsd.org (Postfix) with ESMTP id A3EA18FC16 for ; Fri, 8 Jun 2012 21:33:52 +0000 (UTC) Received: from WildRover.lariat.org (IDENT:ppp1000.lariat.net@lariat.net [66.119.58.2] (may be forged)) by lariat.net (8.9.3/8.9.3) with ESMTP id PAA26236 for ; Fri, 8 Jun 2012 15:33:43 -0600 (MDT) Message-Id: <201206082133.PAA26236@lariat.net> X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Fri, 08 Jun 2012 15:33:41 -0600 To: freebsd-security@freebsd.org From: Brett Glass Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1"; format=flowed Content-Transfer-Encoding: 8bit Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jun 2012 21:34:16 -0000 One thing to consider -- given the nature of the recent attack on LinkedIn -- is to provide a setting that allows one to increase the size of the "salt." The main danger, when a file of hashed passwords is stolen (as was the case with LinkedIn), is that an attacker can use a pre-computed dictionary to break accounts with weak or commonly used passwords. The larger the "salt," the more impractical it becomes to prepare or store such a dictionary. This can matter more than the strength or computational burden of the hashing algorithm. --Brett Glass At 06:51 AM 6/8/2012, Dag-Erling Smørgrav wrote: >We still have MD5 as our default password hash, even though known-hash >attacks against MD5 are relatively easy these days. We've supported >SHA256 and SHA512 for many years now, so how about making SHA512 the >default instead of MD5, like on most Linux distributions? > >Index: etc/login.conf >=================================================================== >--- etc/login.conf (revision 236616) >+++ etc/login.conf (working copy) >@@ -23,7 +23,7 @@ > # AND SEMANTICS'' section of getcap(3) for more escape sequences). > > default:\ >- :passwd_format=md5:\ >+ :passwd_format=sha512:\ > :copyright=/etc/COPYRIGHT:\ > :welcome=/etc/motd:\ > :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\ > >DES >-- >Dag-Erling Smørgrav - des@des.no >_______________________________________________ >freebsd-security@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > > > >----- >No virus found in this message. >Checked by AVG - www.avg.com >Version: 10.0.1424 / Virus Database: 2433/5055 - Release Date: 06/07/12 From owner-freebsd-security@FreeBSD.ORG Sat Jun 9 04:02:04 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B9E76106564A for ; Sat, 9 Jun 2012 04:02:04 +0000 (UTC) (envelope-from rsimmons0@gmail.com) Received: from mail-vc0-f182.google.com (mail-vc0-f182.google.com [209.85.220.182]) by mx1.freebsd.org (Postfix) with ESMTP id 6F0CA8FC15 for ; Sat, 9 Jun 2012 04:02:04 +0000 (UTC) Received: by vcbfy7 with SMTP id fy7so1653482vcb.13 for ; Fri, 08 Jun 2012 21:01:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=beofKzdmS8cHXaCErl0JWGo8FcS3h0QjnnlivcyOoI4=; b=DFJJG5sr7xTvavSj3zUNSz2HcMhaYi47eyS3yxmxTdConLo3/btt7nx25ieJTv5xIv 0PWR6T8eYa4T8HYrZYd10dGBNPWys+QHRl46NdkPYpZqQTnPeveW+7pIMqA/gGe7hESd moE/+l6ALYkyxgQpO8dkzVyWgrOaDnSkbIJdaOieoNcmWQ4M/UnuBLJ86zkK8/bOoKZY f1VNeubqzk/MZo1om58u2tqU3/PCYVeqpGmlYKdAgygnq35MOtPnYQ+m6mXc13vkppQt q9LF4ka5orqRbOKNiHHHXgIyr/pbNKirUaogOwH7oO4uwuGpt+ZOTwZNQZJ5WXwz657L RDuQ== MIME-Version: 1.0 Received: by 10.220.226.68 with SMTP id iv4mr8166198vcb.21.1339214518019; Fri, 08 Jun 2012 21:01:58 -0700 (PDT) Received: by 10.52.113.97 with HTTP; Fri, 8 Jun 2012 21:01:57 -0700 (PDT) In-Reply-To: References: <86r4tqotjo.fsf@ds4.des.no> Date: Sat, 9 Jun 2012 00:01:57 -0400 Message-ID: From: Robert Simmons To: freebsd-security@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 04:02:04 -0000 On Fri, Jun 8, 2012 at 9:06 AM, Maxim Khitrov wrote: > On Fri, Jun 8, 2012 at 8:51 AM, Dag-Erling Sm=F8rgrav wrote: >> We still have MD5 as our default password hash, even though known-hash >> attacks against MD5 are relatively easy these days. =A0We've supported >> SHA256 and SHA512 for many years now, so how about making SHA512 the >> default instead of MD5, like on most Linux distributions? > > If SHA-2 hashes have been supported for many years, why haven't the > man pages been updated? login.conf(5) on 9.0-RELEASE still only lists > "des", "md5", and "blf". I've been using the latter on my systems. Yes, I think at least listing all the supported algorithms in the login.conf man page is of utmost importance. I've been using blowfish since it was introduced to FreeBSD over 12 years ago, but I had no idea that any other algorithms were possible/available until now. From owner-freebsd-security@FreeBSD.ORG Sat Jun 9 07:43:12 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 234C2106564A; Sat, 9 Jun 2012 07:43:12 +0000 (UTC) (envelope-from ohartman@zedat.fu-berlin.de) Received: from outpost1.zedat.fu-berlin.de (outpost1.zedat.fu-berlin.de [130.133.4.66]) by mx1.freebsd.org (Postfix) with ESMTP id CA08B8FC08; Sat, 9 Jun 2012 07:43:11 +0000 (UTC) Received: from inpost2.zedat.fu-berlin.de ([130.133.4.69]) by outpost1.zedat.fu-berlin.de (Exim 4.69) with esmtp (envelope-from ) id <1SdGKE-0000qo-NU>; Sat, 09 Jun 2012 09:43:10 +0200 Received: from e178004171.adsl.alicedsl.de ([85.178.4.171] helo=thor.walstatt.dyndns.org) by inpost2.zedat.fu-berlin.de (Exim 4.69) with esmtpsa (envelope-from ) id <1SdGKE-0005i2-I4>; Sat, 09 Jun 2012 09:43:10 +0200 Message-ID: <4FD2FE87.1060708@zedat.fu-berlin.de> Date: Sat, 09 Jun 2012 09:43:03 +0200 From: "O. Hartmann" User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:12.0) Gecko/20120601 Thunderbird/12.0.1 MIME-Version: 1.0 To: =?UTF-8?B?RGFnLUVybGluZyBTbcO4cmdyYXY=?= References: <86r4tqotjo.fsf@ds4.des.no> In-Reply-To: <86r4tqotjo.fsf@ds4.des.no> X-Enigmail-Version: 1.4.2 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig7DD995A299773893EAE04524" X-Originating-IP: 85.178.4.171 Cc: freebsd-security@freebsd.org, "freebsd-cur >> Current FreeBSD" Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 07:43:12 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig7DD995A299773893EAE04524 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 06/08/12 14:51, Dag-Erling Sm=C3=B8rgrav wrote: > We still have MD5 as our default password hash, even though known-hash > attacks against MD5 are relatively easy these days. We've supported > SHA256 and SHA512 for many years now, so how about making SHA512 the > default instead of MD5, like on most Linux distributions? >=20 > Index: etc/login.conf > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- etc/login.conf (revision 236616) > +++ etc/login.conf (working copy) > @@ -23,7 +23,7 @@ > # AND SEMANTICS'' section of getcap(3) for more escape sequences). >=20 > default:\ > - :passwd_format=3Dmd5:\ > + :passwd_format=3Dsha512:\ > :copyright=3D/etc/COPYRIGHT:\ > :welcome=3D/etc/motd:\ > :setenv=3DMAIL=3D/var/mail/$,BLOCKSIZE=3DK,FTP_PASSIVE_MODE=3DY= ES:\ >=20 > DES You should also file a PR for change-requets, so it is not only in the email list. I second a change, since I use "blf" since 2009 without (obvious) problems. The manpage for login.conf also needs an update. I checked this morning and found that thye manpage doesn't even mention hashes apart from des, md5 and blf. Oliver --------------enig7DD995A299773893EAE04524 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iQEcBAEBAgAGBQJP0v6OAAoJEOgBcD7A/5N8cLsH/i3nLMA3KruJ1Jv0zx/vOI0t 4pRMVVuDQvoDXoBtbAgrv3pRBMJ/EdHhgd3giAw8MB16MBvN/JO5ilBZx3ox+nCm 7Jqa5Ga9hTLZmnYv7hBbQhDVSdikOVSlGYM2SGTOowxW6xDsiYnfrDyBPmFMEJ8j Mi3uLjH985yWlVls6qHzsnMhIRCt8J8KsxKdN6Fb2T2wz6v4ihy1x3V5JBPo1Tgu bWiT/DKEhzpgouiyhyR4F2GP25qJZawDn6Pbt99eSpUwuCTPxqH/WEm7shxxS7+1 064zF8RHi3mPuhqjtIjoJCz+v3+qTyWYWWe++7tGu/zsshRkN7T8j77lwe3Jejs= =Veyv -----END PGP SIGNATURE----- --------------enig7DD995A299773893EAE04524-- From owner-freebsd-security@FreeBSD.ORG Sat Jun 9 08:51:49 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id DF459106566C; Sat, 9 Jun 2012 08:51:49 +0000 (UTC) (envelope-from gleb.kurtsou@gmail.com) Received: from mail-lb0-f182.google.com (mail-lb0-f182.google.com [209.85.217.182]) by mx1.freebsd.org (Postfix) with ESMTP id 3157E8FC1A; Sat, 9 Jun 2012 08:51:48 +0000 (UTC) Received: by lbon10 with SMTP id n10so2290950lbo.13 for ; Sat, 09 Jun 2012 01:51:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=pGlfqDU8jGK8eErX7BNtocyVqhpPn7CdGjDK6wiB92I=; b=tzPo0cUPZjRpHWFxy/wibv6LtfEGYQ06aacSEK9o7B44nZ8JS/4tNecxDcc+rXsy0R r3nbVqb8hEaXPhvDE5D+GHi+vo0lpmruZdbCfgfz05JSl+C6TKpGX90U2OFv4ZTMFddM q2AOwqIVNK/Ym90bJkLd8pij6dmNT1z+PMtEbiTLgcCxbVLsM7rfYiiPmyn+QuHvW2Gz KSxAhvA9g1fDgNqOr7EKhZvd01Gd4U10n0J0w+IevVhHMxqDxGeNkl7zaSBpAgeUZ4zy 92mRpqhx7yV0xq1YiDgmeElP33uRe+0guhAH/7xG94WMq3LGtHtbie9czMYiY6v3LyAg +k1Q== Received: by 10.112.17.227 with SMTP id r3mr560949lbd.41.1339231907966; Sat, 09 Jun 2012 01:51:47 -0700 (PDT) Received: from localhost ([78.157.92.5]) by mx.google.com with ESMTPS id pp2sm13702224lab.3.2012.06.09.01.51.46 (version=SSLv3 cipher=OTHER); Sat, 09 Jun 2012 01:51:46 -0700 (PDT) Date: Sat, 9 Jun 2012 11:51:41 +0300 From: Gleb Kurtsou To: Pawel Jakub Dawidek Message-ID: <20120609085141.GA1153@reks> References: <20120531194825.GB1400@garage.freebsd.pl> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20120531194825.GB1400@garage.freebsd.pl> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-security@FreeBSD.org Subject: Re: OpenSSL change for review. X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 08:51:50 -0000 On (31/05/2012 21:48), Pawel Jakub Dawidek wrote: > As learned on someone else's mistakes, I'd like to ask for a review of > those changes related to random data handling: > > http://people.freebsd.org/~pjd/patches/libc_arc4random.c.patch > http://people.freebsd.org/~pjd/patches/openssl_rand_unix.c.patch > > The first patch changes arc4random() to use sysctl to obtain random data > instead of opening /dev/random. The main reason here is to make it more > sandbox-friendly. Once closed in sandbox, a process can no longer open > files, so it has no access to proper random data. As a side-effect it > should be a bit faster as instead of three system calls (open, read and > close) we use only one (__sysctl). > > The second patch enables the use of libc's arc4random(3) in OpenSSL. While at it, did you consider replacing default homegrown OpenSSL random generator (ssleay_rand_*) with something standard (this "hash uninitialized user buffer to increase entropy" thing makes me nervous, which was also the source of well known Debian RSA key generation issue). There is standard (ANSI X9.31 A.2.4) AES-based implementation under openssl/fips/rand. Replacing fips_get_dt with our arc4random_buf() looks straightforward. It may be performance improvement as well, considering both OpenSSL and hardware support AESNI. Or simply replace the whole thing with arc4random_*.. It's common practice to put internal/compat syscall declarations into .c file itself in libc (like __sysctl you did). Handling such cases becomes a disaster if syscall changes. Why not move declaration to include/libc_private.h? Patches are good to commit, IMHO. > After implementing the first one I found that OpenBSD's arc4random(3) > also uses sysctl, but without fall back to /dev/random. > > -- > Pawel Jakub Dawidek http://www.wheelsystems.com > FreeBSD committer http://www.FreeBSD.org > Am I Evil? Yes, I Am! http://tupytaj.pl From owner-freebsd-security@FreeBSD.ORG Sat Jun 9 10:11:48 2012 Return-Path: Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id DBDED1065674; Sat, 9 Jun 2012 10:11:48 +0000 (UTC) (envelope-from ohartman@zedat.fu-berlin.de) Received: from outpost1.zedat.fu-berlin.de (outpost1.zedat.fu-berlin.de [130.133.4.66]) by mx1.freebsd.org (Postfix) with ESMTP id 8F3338FC16; Sat, 9 Jun 2012 10:11:48 +0000 (UTC) Received: from inpost2.zedat.fu-berlin.de ([130.133.4.69]) by outpost1.zedat.fu-berlin.de (Exim 4.69) with esmtp (envelope-from ) id <1SdIe3-0006O3-He>; Sat, 09 Jun 2012 12:11:47 +0200 Received: from e178004171.adsl.alicedsl.de ([85.178.4.171] helo=thor.walstatt.dyndns.org) by inpost2.zedat.fu-berlin.de (Exim 4.69) with esmtpsa (envelope-from ) id <1SdIe3-0003zC-C2>; Sat, 09 Jun 2012 12:11:47 +0200 Message-ID: <4FD3215C.9030203@zedat.fu-berlin.de> Date: Sat, 09 Jun 2012 12:11:40 +0200 From: "O. Hartmann" User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:12.0) Gecko/20120601 Thunderbird/12.0.1 MIME-Version: 1.0 To: Dimitry Andric References: <86r4tqotjo.fsf@ds4.des.no> <4FD2FE87.1060708@zedat.fu-berlin.de> <4FD3173E.2040505@FreeBSD.org> In-Reply-To: <4FD3173E.2040505@FreeBSD.org> X-Enigmail-Version: 1.4.2 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigAB3E12C037237A173F97A2E6" X-Originating-IP: 85.178.4.171 Cc: =?UTF-8?B?RGFnLUVybGluZyBTbcO4cmdyYXY=?= , freebsd-current@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 10:11:49 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigAB3E12C037237A173F97A2E6 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 06/09/12 11:28, Dimitry Andric wrote: > On 2012-06-09 09:43, O. Hartmann wrote: >> On 06/08/12 14:51, Dag-Erling Sm=C3=B8rgrav wrote: >>> We still have MD5 as our default password hash, even though known-has= h >>> attacks against MD5 are relatively easy these days. We've supported >>> SHA256 and SHA512 for many years now, so how about making SHA512 the >>> default instead of MD5, like on most Linux distributions? > ... >> The manpage for login.conf also needs an update. I checked this mornin= g >> and found that thye manpage doesn't even mention hashes apart from des= , >> md5 and blf. >=20 > Dag-Erling fixed this just yesterday :) >=20 > http://svn.freebsd.org/changeset/base/236751 Great and thank you all ... :-) --------------enigAB3E12C037237A173F97A2E6 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iQEcBAEBAgAGBQJP0yFjAAoJEOgBcD7A/5N8z1AH/jg1WlGel37h81IUqGmzCido uWL2IJHrPfR0XGrnZ5Wi/uvs41UxMEjnNHL0wsNZ/HEOLnaVPB2y7xMlaQIzKMSu ioUNKp/iSGWlqmP5q31QFlfTZnu7T3Z77LB/knGyvMjnqFky82zhxxbyTzCymHla i4fu5ZHyk0O+33rG6Qk5YPAzmUQiYHXLJK8xg6ojmYjr6JvXYfq+szF/LRfyhZVR wbHSFzV4lSFp77fXb8ICzAM9MPGdtaUUjgc2uWAqPXTPhm87pDTk3tLepF/JlJ0u CaN7b2SE/MGwSdGIpvJFquEaK1zZNAIRMTBQ4sN5RLeLvr0GCgQfAGtsyi6je+w= =/ick -----END PGP SIGNATURE----- --------------enigAB3E12C037237A173F97A2E6-- From owner-freebsd-security@FreeBSD.ORG Sat Jun 9 04:15:37 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id DC63B106566C for ; Sat, 9 Jun 2012 04:15:37 +0000 (UTC) (envelope-from emu@karma.emu.so) Received: from karma.emu.so (ns1.emu.so [199.15.250.19]) by mx1.freebsd.org (Postfix) with ESMTP id 4AE1E8FC0C for ; Sat, 9 Jun 2012 04:15:37 +0000 (UTC) Received: by karma.emu.so (Postfix, from userid 80) id BCC2D405821; Sat, 9 Jun 2012 00:04:25 -0400 (EDT) To: X-PHP-Originating-Script: 501:main.inc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Sat, 09 Jun 2012 00:04:25 -0400 From: emu In-Reply-To: References: <86r4tqotjo.fsf@ds4.des.no> Message-ID: X-Sender: emu@karma.emu.so User-Agent: Roundcube Webmail/0.7.2 X-Mailman-Approved-At: Sat, 09 Jun 2012 11:04:00 +0000 Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 04:15:37 -0000 On 2012-06-09 00:01, Robert Simmons wrote: > On Fri, Jun 8, 2012 at 9:06 AM, Maxim Khitrov > wrote: >> On Fri, Jun 8, 2012 at 8:51 AM, Dag-Erling Smørgrav >> wrote: >>> We still have MD5 as our default password hash, even though >>> known-hash >>> attacks against MD5 are relatively easy these days.  We've >>> supported >>> SHA256 and SHA512 for many years now, so how about making SHA512 >>> the >>> default instead of MD5, like on most Linux distributions? >> >> If SHA-2 hashes have been supported for many years, why haven't the >> man pages been updated? login.conf(5) on 9.0-RELEASE still only >> lists >> "des", "md5", and "blf". I've been using the latter on my systems. > > Yes, I think at least listing all the supported algorithms in the > login.conf man page is of utmost importance. I've been using > blowfish > since it was introduced to FreeBSD over 12 years ago, but I had no > idea that any other algorithms were possible/available until now. > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to > "freebsd-security-unsubscribe@freebsd.org" it was listed with 9.0, change /etc/login.conf from md5 to sha512 and then cap_mkdb /etc/login.conf and then passwd root/users for effect. as a previous post im not sure the /etc/auth.conf is necessary. From owner-freebsd-security@FreeBSD.ORG Sat Jun 9 09:28:25 2012 Return-Path: Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id DD7F0106566B; Sat, 9 Jun 2012 09:28:25 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from tensor.andric.com (cl-327.ede-01.nl.sixxs.net [IPv6:2001:7b8:2ff:146::2]) by mx1.freebsd.org (Postfix) with ESMTP id 961DD8FC0A; Sat, 9 Jun 2012 09:28:25 +0000 (UTC) Received: from [IPv6:2001:7b8:3a7:0:ac9c:8782:4659:6790] (unknown [IPv6:2001:7b8:3a7:0:ac9c:8782:4659:6790]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by tensor.andric.com (Postfix) with ESMTPSA id 2067D5C37; Sat, 9 Jun 2012 11:28:24 +0200 (CEST) Message-ID: <4FD3173E.2040505@FreeBSD.org> Date: Sat, 09 Jun 2012 11:28:30 +0200 From: Dimitry Andric Organization: The FreeBSD Project User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20120529 Thunderbird/13.0 MIME-Version: 1.0 To: "O. Hartmann" References: <86r4tqotjo.fsf@ds4.des.no> <4FD2FE87.1060708@zedat.fu-berlin.de> In-Reply-To: <4FD2FE87.1060708@zedat.fu-berlin.de> X-Enigmail-Version: 1.5a1pre Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Mailman-Approved-At: Sat, 09 Jun 2012 11:14:33 +0000 Cc: =?UTF-8?B?RGFnLUVybGluZyBTbcO4cmdyYXY=?= , freebsd-current@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 09:28:26 -0000 On 2012-06-09 09:43, O. Hartmann wrote: > On 06/08/12 14:51, Dag-Erling Sm=C3=B8rgrav wrote: >> We still have MD5 as our default password hash, even though known-hash= >> attacks against MD5 are relatively easy these days. We've supported >> SHA256 and SHA512 for many years now, so how about making SHA512 the >> default instead of MD5, like on most Linux distributions? =2E.. > The manpage for login.conf also needs an update. I checked this morning= > and found that thye manpage doesn't even mention hashes apart from des,= > md5 and blf. Dag-Erling fixed this just yesterday :) http://svn.freebsd.org/changeset/base/236751 From owner-freebsd-security@FreeBSD.ORG Sat Jun 9 11:34:24 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 604E1106566B for ; Sat, 9 Jun 2012 11:34:24 +0000 (UTC) (envelope-from mike@sentex.net) Received: from smarthost1.sentex.ca (smarthost1-6.sentex.ca [IPv6:2607:f3e0:0:1::12]) by mx1.freebsd.org (Postfix) with ESMTP id 24C9A8FC1C for ; Sat, 9 Jun 2012 11:34:24 +0000 (UTC) Received: from [192.168.43.26] (pyroxene.sentex.ca [199.212.134.18]) by smarthost1.sentex.ca (8.14.5/8.14.4) with ESMTP id q59BYLHV038364; Sat, 9 Jun 2012 07:34:21 -0400 (EDT) (envelope-from mike@sentex.net) Message-ID: <4FD334BE.4020900@sentex.net> Date: Sat, 09 Jun 2012 07:34:22 -0400 From: Mike Tancsa Organization: Sentex Communications User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1 MIME-Version: 1.0 To: =?UTF-8?B?RGFnLUVybGluZyBTbcO4cmdyYXY=?= References: <86r4tqotjo.fsf@ds4.des.no> In-Reply-To: <86r4tqotjo.fsf@ds4.des.no> X-Enigmail-Version: 1.4.2 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.72 on 64.7.153.18 Cc: freebsd-security@freebsd.org Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 11:34:24 -0000 On 6/8/2012 8:51 AM, Dag-Erling Smørgrav wrote: > We still have MD5 as our default password hash, even though known-hash > attacks against MD5 are relatively easy these days. We've supported > SHA256 and SHA512 for many years now, so how about making SHA512 the > default instead of MD5, like on most Linux distributions? Actually, any chance of MFC'ing SHA256 and 512 in RELENG_7 ? Its currently not there. RELENG_7 is supported until 2013 Sort of a security issue considering this assessment of MD5 http://phk.freebsd.dk/sagas/md5crypt_eol.html ---Mike > > Index: etc/login.conf > =================================================================== > --- etc/login.conf (revision 236616) > +++ etc/login.conf (working copy) > @@ -23,7 +23,7 @@ > # AND SEMANTICS'' section of getcap(3) for more escape sequences). > > default:\ > - :passwd_format=md5:\ > + :passwd_format=sha512:\ > :copyright=/etc/COPYRIGHT:\ > :welcome=/etc/motd:\ > :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\ > > DES -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ From owner-freebsd-security@FreeBSD.ORG Sat Jun 9 13:34:40 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1A1B6106567A for ; Sat, 9 Jun 2012 13:34:40 +0000 (UTC) (envelope-from mike@sentex.net) Received: from smarthost1.sentex.ca (smarthost1-6.sentex.ca [IPv6:2607:f3e0:0:1::12]) by mx1.freebsd.org (Postfix) with ESMTP id CFF758FC14 for ; Sat, 9 Jun 2012 13:34:39 +0000 (UTC) Received: from [192.168.43.26] (pyroxene.sentex.ca [199.212.134.18]) by smarthost1.sentex.ca (8.14.5/8.14.4) with ESMTP id q59DYcfL045892; Sat, 9 Jun 2012 09:34:38 -0400 (EDT) (envelope-from mike@sentex.net) Message-ID: <4FD350EF.6080802@sentex.net> Date: Sat, 09 Jun 2012 09:34:39 -0400 From: Mike Tancsa Organization: Sentex Communications User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1 MIME-Version: 1.0 To: "freebsd-security@freebsd.org" References: <86r4tqotjo.fsf@ds4.des.no> <4FD334BE.4020900@sentex.net> In-Reply-To: X-Enigmail-Version: 1.4.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.72 on 64.7.153.18 Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 13:34:40 -0000 On 6/9/2012 9:19 AM, someone wrote: > hi, > > what is needed to change from md5 to sha512 ? As all old passwd are md5, I imagine there is a > sequence of steps not to lock me out of the box. is there any place that documents this ? You need a relatively recent RELENG_8, not sure the exact date. To change the pass format, edit the file login.conf cd /etc vi /etc/login.conf where it shows default:\ :passwd_format=md5:\ change it to default:\ :passwd_format=sha512:\ Regenerate the db file cap_mkdb login.conf The old passwd hash thats MD5 based will look something like 0(cage2)# grep testuser /etc/master.passwd testuser:$1$0lfvk63d$WPD8y7w6o2CAU8V4kTgqR1:1004:1004::0:0:User &:/home/testuser:/bin/sh 0(cage2)# note the $1$ change the users passwd to something new, or just use the old passwd, but re-enter it 1(cage2)# grep testuser /etc/master.passwd testuser:$1$0lfvk63d$WPD8y7w6o2CAU8V4kTgqR1:1004:1004::0:0:User &:/home/testuser:/bin/sh 0(cage2)# passwd testuser Changing local password for testuser New Password: Retype New Password: 0(cage2)# grep testuser /etc/master.passwd testuser:$6$AvBQXRlaKNv/YkM8$WhrcMomrs7mXgHAvFpETPT.T21jH9rYtsK8KKEFVOOYCm6noIHKI3JqQw67Vc/cYwTkGxnFY1zWrddiVUmk2p0:1004:1004::0:0:User &:/home/testuser:/bin/sh 0(cage2)# Note the $6$ in the hash, and its now super long. If your FreeBSD version does not support sha512, Blowfish might be a better alternative. Note sure, perhaps others here know how safe it is again, change the same file to default:\ :passwd_format=blf:\ and do a cap_mkdb login.conf 0(cage2)# passwd testuser Changing local password for testuser New Password: Retype New Password: 0(cage2)# grep testuser /etc/master.passwd testuser:$2a$04$veZKfUGwqsrxWZOb/wbes.RdgQhLL.kfqyQ8Cv044rjJdFI0nSVXy:1004:1004::0:0:User &:/home/testuser:/bin/sh 0(cage2)# Note the $2a$ Other place to do it is in auth.conf, but I usually do it in login.conf as shown above. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/crypt.html ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ From owner-freebsd-security@FreeBSD.ORG Sat Jun 9 13:46:23 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DFE35106564A for ; Sat, 9 Jun 2012 13:46:23 +0000 (UTC) (envelope-from matheus@eternamente.info) Received: from phoenix.eternamente.info (phoenix.eternamente.info [109.169.62.232]) by mx1.freebsd.org (Postfix) with ESMTP id B34828FC18 for ; Sat, 9 Jun 2012 13:46:23 +0000 (UTC) Received: by phoenix.eternamente.info (Postfix, from userid 80) id 8EFB71CC89; Sat, 9 Jun 2012 10:46:10 -0300 (BRT) Received: from 177.135.16.160 (SquirrelMail authenticated user matheus) by eternamente.info with HTTP; Sat, 9 Jun 2012 10:46:10 -0300 Message-ID: <24b902f837a0deffe51f906c60070ead.squirrel@eternamente.info> In-Reply-To: <4FD350EF.6080802@sentex.net> References: <86r4tqotjo.fsf@ds4.des.no> <4FD334BE.4020900@sentex.net> <4FD350EF.6080802@sentex.net> Date: Sat, 9 Jun 2012 10:46:10 -0300 From: "Nenhum_de_Nos" To: freebsd-security@freebsd.org User-Agent: SquirrelMail/1.4.21 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 13:46:24 -0000 On Sat, June 9, 2012 10:34, Mike Tancsa wrote: > On 6/9/2012 9:19 AM, someone wrote: >> hi, >> >> what is needed to change from md5 to sha512 ? As all old passwd are md5, I imagine there is a >> sequence of steps not to lock me out of the box. is there any place that documents this ? > > You need a relatively recent RELENG_8, not sure the exact date. To > change the pass format, edit the file login.conf > cd /etc > > vi /etc/login.conf > > where it shows > > default:\ > :passwd_format=md5:\ > > change it to > > default:\ > :passwd_format=sha512:\ > > Regenerate the db file > cap_mkdb login.conf > > The old passwd hash thats MD5 based will look something like > > 0(cage2)# grep testuser /etc/master.passwd > testuser:$1$0lfvk63d$WPD8y7w6o2CAU8V4kTgqR1:1004:1004::0:0:User > &:/home/testuser:/bin/sh > 0(cage2)# > > note the $1$ > > change the users passwd to something new, or just use the old passwd, > but re-enter it > > 1(cage2)# grep testuser /etc/master.passwd > testuser:$1$0lfvk63d$WPD8y7w6o2CAU8V4kTgqR1:1004:1004::0:0:User > &:/home/testuser:/bin/sh > 0(cage2)# passwd testuser > Changing local password for testuser > New Password: > Retype New Password: > 0(cage2)# grep testuser /etc/master.passwd > testuser:$6$AvBQXRlaKNv/YkM8$WhrcMomrs7mXgHAvFpETPT.T21jH9rYtsK8KKEFVOOYCm6noIHKI3JqQw67Vc/cYwTkGxnFY1zWrddiVUmk2p0:1004:1004::0:0:User > &:/home/testuser:/bin/sh > 0(cage2)# > > > Note the $6$ in the hash, and its now super long. > > If your FreeBSD version does not support sha512, Blowfish might be a > better alternative. Note sure, perhaps others here know how safe it is > > again, change the same file to > > default:\ > :passwd_format=blf:\ > > and do a cap_mkdb login.conf > > 0(cage2)# passwd testuser > Changing local password for testuser > New Password: > Retype New Password: > 0(cage2)# grep testuser /etc/master.passwd > testuser:$2a$04$veZKfUGwqsrxWZOb/wbes.RdgQhLL.kfqyQ8Cv044rjJdFI0nSVXy:1004:1004::0:0:User > &:/home/testuser:/bin/sh > 0(cage2)# > > Note the $2a$ > > Other place to do it is in auth.conf, but I usually do it in login.conf > as shown above. > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/crypt.html thanks Mike. I plan to change this on 9.0R. I have 8.1 but I think I'll have to update. thanks, matheus -- We will call you Cygnus, The God of balance you shall be A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? http://en.wikipedia.org/wiki/Posting_style From owner-freebsd-security@FreeBSD.ORG Sat Jun 9 15:02:11 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 76083106564A for ; Sat, 9 Jun 2012 15:02:11 +0000 (UTC) (envelope-from bryan@shatow.net) Received: from secure.xzibition.com (secure.xzibition.com [173.160.118.92]) by mx1.freebsd.org (Postfix) with ESMTP id 15C988FC15 for ; Sat, 9 Jun 2012 15:02:10 +0000 (UTC) DomainKey-Signature: a=rsa-sha1; c=nofws; d=shatow.net; h=message-id :date:from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sweb; b=rZ4cY2 7mYoqX+PcVdiXCJFJx56u8h8CDb3tAQ7fmQH1nu0CMn3SKq7aRa+TFnyvkQoyFeJ /6KaMKyqLvg3Sef5JuM1A4dHJiOkIThG2JknH1guFU2L39l9OPixgfDI/yCX9GC2 2zRLrpyhL1PyZDx6skETuxPBfyKSE/5Tqd0Us= DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=shatow.net; h=message-id :date:from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sweb; bh=vaAp5I5tL7IZ 5tNFFNh2iOK7M9pvHNGWrf0bM3EqPSs=; b=FZOLHtiAsbX3iDUtSzDyom0qygyd IGbgk5coqfiPegDnHbm8YLze9aPnYvFK8TD23wAS8Q2MIDUyR/0BTNoEjr4dRYpP vC58wmLqvuqwDPS/4RZ9+dRQmPsjpgC4UtI8SACHC7q+W195TyApaF8yg7U4dVLv ZQH46CznpbM5Wuc= Received: (qmail 12832 invoked from network); 9 Jun 2012 10:02:09 -0500 Received: from unknown (HELO ?10.10.1.87?) (bryan@shatow.net@10.10.1.87) by sweb.xzibition.com with ESMTPA; 9 Jun 2012 10:02:09 -0500 Message-ID: <4FD36567.6050003@shatow.net> Date: Sat, 09 Jun 2012 10:01:59 -0500 From: Bryan Drewery User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20120604 Thunderbird/13.0 MIME-Version: 1.0 To: Mike Tancsa References: <86r4tqotjo.fsf@ds4.des.no> <4FD334BE.4020900@sentex.net> In-Reply-To: <4FD334BE.4020900@sentex.net> X-Enigmail-Version: 1.4.2 OpenPGP: id=3C9B0CF9; url=http://www.shatow.net/bryan/bryan.asc Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: =?UTF-8?B?RGFnLUVybGluZyBTbcO4cmdyYXY=?= , freebsd-security@freebsd.org Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 15:02:11 -0000 On 6/9/2012 6:34 AM, Mike Tancsa wrote: > Sort of a security issue considering this assessment of MD5 You can use blf (blowfish) as well. Regards, Bryan Drewery From owner-freebsd-security@FreeBSD.ORG Sat Jun 9 15:08:13 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 55B4C106564A for ; Sat, 9 Jun 2012 15:08:13 +0000 (UTC) (envelope-from jhellenthal@dataix.net) Received: from mail-yw0-f54.google.com (mail-yw0-f54.google.com [209.85.213.54]) by mx1.freebsd.org (Postfix) with ESMTP id EE0B48FC08 for ; Sat, 9 Jun 2012 15:08:12 +0000 (UTC) Received: by yhgm50 with SMTP id m50so2115875yhg.13 for ; Sat, 09 Jun 2012 08:08:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dataix.net; s=rsa; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:content-transfer-encoding :in-reply-to; bh=8uisfQFXv+sCNz/P+mI5UEqcr2Epb/MdsDD3afNt1Ps=; b=YVip9QAlZ+z/ZPoh+BUN4P9NvJKZfdH4R5nPj8j9j+2+ko5wINTT2wos5qWbjN3kC1 EhGV2GZZdbc7No6+7F1GQo5pcjQGfPrqzrFf5G0GtpXh0VSpXq1IZWpcUDLygxFNgP72 1jr9F9e/XgFICQSoJ7s/U0IYzCOp78lnOR78c= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:content-transfer-encoding :in-reply-to:x-gm-message-state; bh=8uisfQFXv+sCNz/P+mI5UEqcr2Epb/MdsDD3afNt1Ps=; b=cWPxpu3Q4UNoTb8hNuEbLbktIpzRgF+qZYj/jdFzxCmca5PYrHAALzoDDBl4y2eS/z 5JM/WBF80uDb9mYy0IqDJfEwZryOiUJ9D8Si+8129Q9oeaeP/Gp708BmGNSTRHTa0e3x EDY7yKjshdiGF4ph1C1tNqXTQwy6lvgcRnnz0jaZyW7TBPflFfE4O+qKVvQ9VSZh51xD hsDpe2U5z4k9jr2KUAkWV4T0HhYeH+t/NXLJvIfxRLmf2zgyEYF9XASDkUF8XwUOL7VD b+kbj3yeYUIFz8MqNy1B95X07+2oGq5jt47jLhxPh1qcyvQfeMPCTOPgSwGx5KKhCPIg nTdQ== Received: by 10.236.191.131 with SMTP id g3mr12465987yhn.59.1339254492363; Sat, 09 Jun 2012 08:08:12 -0700 (PDT) Received: from DataIX.net (75-128-120-86.dhcp.aldl.mi.charter.com. [75.128.120.86]) by mx.google.com with ESMTPS id t11sm15260898anm.5.2012.06.09.08.08.11 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 09 Jun 2012 08:08:11 -0700 (PDT) Received: from DataIX.net (localhost [127.0.0.1]) by DataIX.net (8.14.5/8.14.5) with ESMTP id q59F89xt079098 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 9 Jun 2012 11:08:09 -0400 (EDT) (envelope-from jhellenthal@DataIX.net) Received: (from jh@localhost) by DataIX.net (8.14.5/8.14.5/Submit) id q59F87gI079097; Sat, 9 Jun 2012 11:08:07 -0400 (EDT) (envelope-from jhellenthal@DataIX.net) Date: Sat, 9 Jun 2012 11:08:07 -0400 From: Jason Hellenthal To: emu Message-ID: <20120609150807.GA68456@DataIX.net> References: <86r4tqotjo.fsf@ds4.des.no> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Gm-Message-State: ALoCoQl6HREmg0Z47emyZyocG8Z4y+EVCvRhH5/ou83QKu7NCU9eHbIHwGTzHcz0RantZWUnDVd8 Cc: freebsd-security@freebsd.org Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 15:08:13 -0000 On Sat, Jun 09, 2012 at 12:04:25AM -0400, emu wrote: > On 2012-06-09 00:01, Robert Simmons wrote: > > On Fri, Jun 8, 2012 at 9:06 AM, Maxim Khitrov > > wrote: > >> On Fri, Jun 8, 2012 at 8:51 AM, Dag-Erling Smørgrav > >> wrote: > >>> We still have MD5 as our default password hash, even though > >>> known-hash > >>> attacks against MD5 are relatively easy these days.  We've > >>> supported > >>> SHA256 and SHA512 for many years now, so how about making SHA512 > >>> the > >>> default instead of MD5, like on most Linux distributions? > >> > >> If SHA-2 hashes have been supported for many years, why haven't the > >> man pages been updated? login.conf(5) on 9.0-RELEASE still only > >> lists > >> "des", "md5", and "blf". I've been using the latter on my systems. > > > > Yes, I think at least listing all the supported algorithms in the > > login.conf man page is of utmost importance. I've been using > > blowfish > > since it was introduced to FreeBSD over 12 years ago, but I had no > > idea that any other algorithms were possible/available until now. > it was listed with 9.0, change /etc/login.conf from md5 to sha512 and > then cap_mkdb /etc/login.conf and then passwd root/users for effect. as > a previous post im not sure the /etc/auth.conf is necessary. AFAILR auth.conf was being deprecated and there was only one real user of that left to eliminate. Whether that has been eliminated is beyond me as I never tracked it... unimportant. -- - (2^(N-1)) From owner-freebsd-security@FreeBSD.ORG Sat Jun 9 16:41:14 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BC23B1065670 for ; Sat, 9 Jun 2012 16:41:14 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-wg0-f50.google.com (mail-wg0-f50.google.com [74.125.82.50]) by mx1.freebsd.org (Postfix) with ESMTP id 472A88FC17 for ; Sat, 9 Jun 2012 16:41:13 +0000 (UTC) Received: by wgbds11 with SMTP id ds11so1842849wgb.31 for ; Sat, 09 Jun 2012 09:41:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; bh=OY7nLRh8jXBaqae4inCRNYH9MplrkBCitdr2Ht6QFic=; b=GFmUE/n3DbpJQx7Ylk2itT7e3vxoNZCWttVAvS3Yap059H/a2dhCy5j+1c8aQcDp6X C2S+Yn3QGxovPBTt7WplJ05FfeTTK3raGrIlXXubUglJDcaf98eDqtqpHXF4IhcKlXBG Vdd+f2K65DeT4KsFtSIcUIXLM/eqq9H1xPFbGJn95UO0Q8qieekJlJZi8fa92oT/5JWQ BvIAz0J7NFbhA95IZWhjcJUKujlRzhnsG/Z/H113227evgdR7MQpTN0lhkO6ixd+ARIi h6xnSx1gtyBXG3H4SbOpI22qfm2hWJbuLEk7wwL1EYt/GjlVWOdZLpStLtL4XyJKC4q+ 6tqg== Received: by 10.180.80.37 with SMTP id o5mr8727560wix.12.1339260073026; Sat, 09 Jun 2012 09:41:13 -0700 (PDT) Received: from gumby.homeunix.com (87-194-105-247.bethere.co.uk. [87.194.105.247]) by mx.google.com with ESMTPS id gv7sm10363994wib.4.2012.06.09.09.41.11 (version=SSLv3 cipher=OTHER); Sat, 09 Jun 2012 09:41:11 -0700 (PDT) Date: Sat, 9 Jun 2012 17:41:09 +0100 From: RW To: freebsd-security@freebsd.org Message-ID: <20120609174109.1e100b64@gumby.homeunix.com> In-Reply-To: <4FD334BE.4020900@sentex.net> References: <86r4tqotjo.fsf@ds4.des.no> <4FD334BE.4020900@sentex.net> X-Mailer: Claws Mail 3.8.0 (GTK+ 2.24.6; amd64-portbld-freebsd8.3) Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 16:41:14 -0000 On Sat, 09 Jun 2012 07:34:22 -0400 Mike Tancsa wrote: > On 6/8/2012 8:51 AM, Dag-Erling Sm=F8rgrav wrote: > > We still have MD5 as our default password hash, even though > > known-hash attacks against MD5 are relatively easy these days. > > We've supported SHA256 and SHA512 for many years now, so how about > > making SHA512 the default instead of MD5, like on most Linux > > distributions? >=20 > Actually, any chance of MFC'ing SHA256 and 512 in RELENG_7 ? Its > currently not there. >=20 > RELENG_7 is supported until 2013 >=20 > Sort of a security issue=20 Lets not forget that this is an attack against insecure passwords performed after an attacker has already gained root or physical access. > considering this assessment of MD5 >=20 > http://phk.freebsd.dk/sagas/md5crypt_eol.html In the context of that all the existing algorithms are pretty insecure. The people that are doing this are brute forcing passwords; the cryptographic merits of the underlying hash are immaterial, except in as far as they slow things down.=20 I would estimate that md5crypt vs sha512crypt is roughly: 2.5 * (5000rounds/1000rounds) * (512bits/128bits) =3D 50 to put that in context, going from simple md5 to md5crypt is factor of ~1024. 50 is equivalent to less than 6bits of password entropy. In some cases it may make little difference to the percentage of passwords cracked. =20 From owner-freebsd-security@FreeBSD.ORG Sat Jun 9 20:16:56 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AF3511065673 for ; Sat, 9 Jun 2012 20:16:56 +0000 (UTC) (envelope-from rsimmons0@gmail.com) Received: from mail-vc0-f182.google.com (mail-vc0-f182.google.com [209.85.220.182]) by mx1.freebsd.org (Postfix) with ESMTP id 6736E8FC0C for ; Sat, 9 Jun 2012 20:16:56 +0000 (UTC) Received: by vcbfy7 with SMTP id fy7so1885902vcb.13 for ; Sat, 09 Jun 2012 13:16:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=2/tVqfQmSqXd/ARUwGP5OoiTrIZ07JpJol3jHOVWybE=; b=WHG9IXQ9SxewvQqgDKesP76LfEoaaTYasq3bgz7A7TDLm7HXB/HXsC6Jt8tY5qbkut OeT2pathZmw0sg9Y2Js+wNgQ8oeUXcvyUXPmhJ2775HU4OfWaPj5BRZowjCa9EAPOSPb 2Wc7Qa0DEN04OXwohEdmQPWFP9Pti57fNigeJhRewN5OIhS93nKDtIUhS52GrtI96735 0xb6IYEuxMZLeYY+E8ohARSlIlwng/AKDTmcObmOeFX3PmsslWCr6xAxtWZAMmCKsCCO 1B5IDtNWxkubYZSA8tSzd+bhfWgIb1T3dQ89y36upB0eUquYb3cXaUWKOZ9dLXaC++xv DF3g== MIME-Version: 1.0 Received: by 10.52.88.234 with SMTP id bj10mr8160999vdb.48.1339273015713; Sat, 09 Jun 2012 13:16:55 -0700 (PDT) Received: by 10.52.113.97 with HTTP; Sat, 9 Jun 2012 13:16:55 -0700 (PDT) In-Reply-To: <4FD350EF.6080802@sentex.net> References: <86r4tqotjo.fsf@ds4.des.no> <4FD334BE.4020900@sentex.net> <4FD350EF.6080802@sentex.net> Date: Sat, 9 Jun 2012 16:16:55 -0400 Message-ID: From: Robert Simmons To: freebsd-security@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 20:16:56 -0000 On Sat, Jun 9, 2012 at 9:34 AM, Mike Tancsa wrote: > On 6/9/2012 9:19 AM, someone wrote: >> hi, >> >> what is needed to change from md5 to sha512 ? As all old passwd are md5, I imagine there is a >> sequence of steps not to lock me out of the box. is there any place that documents this ? > change the users passwd to something new, or just use the old passwd, > but re-enter it Bad idea. Never reuse an old password.