From: "Daniel Marsh"
To: "O. Hartmann", freebsd-security@freebsd.org
Date: Sun, 4 Jan 2009 14:58:10 +0900
Subject: Re: MD5 vs. SHA1 hashed passwords in /etc/master.passwd: can we configure SHA1 in /etc/login.conf?
In-Reply-To: <495FDC97.4090301@mail.zedat.fu-berlin.de>

Hey

What's wrong with the blowfish hash? Reading up on it, the full 16 round cipher is unbroken, only 4 and 14 round versions can be broken.

Regards
Daniel

On 1/4/09, O. Hartmann wrote:
> MD5 seems to be compromised by potential collision attacks. So I tried
> to figure out how I can use another hash for security purposes when
> hashing passwords for local users on a FreeBSD 7/8 box, like root or
> local box administration. Looking at man login.conf reveals only three
> possible hash algorithms selectable: md5 (recommended), des and blf.
> Changing /etc/login.conf's tag
>
> default:\
>         :passwd_format=sha1:\
>
>
> followed by an obligatory "cap_mkdb" seems to do something - changing
> root's password results in different hashes when selecting different
> hash algorithms like des, md5, sha1, blf or even sha256.
>
> Well, I never dug deep enough into the source code to reveal the
> magic and truth, so I will ask here for some help. Is it possible to
> change the md5-algorithm by default towards sha1 as recommended after
> the md5-collisions have been published?
>
> Thanks in advance,
> Oliver
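
Added example (not part of the original thread and not FreeBSD's own code): the differing hash strings described in the quoted message can be told apart by their crypt(3) prefix, so a short sh script can list which accounts in master.passwd(5)-format input are not hashed with the scheme set in passwd_format. The function names and sample entries are constructed for illustration; the prefix table follows the modular crypt format, and which schemes a given release accepts is an assumption to confirm in crypt(3).

```shell
#!/bin/sh
# Added example: report which crypt(3) scheme each account hash really uses.

# classify_hash HASH: print the scheme implied by the hash prefix.
classify_hash() {
    case "$1" in
        '')                     echo "empty" ;;
        '*'*)                   echo "locked" ;;   # "*" or "*LOCKED*..."
        '$1$'*)                 echo "md5" ;;
        '$2$'*|'$2'[abxy]'$'*)  echo "blf" ;;
        '$3$'*)                 echo "nth" ;;
        '$5$'*)                 echo "sha256" ;;
        '$6$'*)                 echo "sha512" ;;
        '$'*)                   echo "unknown" ;;
        _*)                     echo "des-extended" ;;
        *)  # traditional DES crypt output is exactly 13 characters
            if [ "${#1}" -eq 13 ]; then echo "des"; else echo "unknown"; fi ;;
    esac
}

# audit_passwd WANT: read master.passwd(5)-format lines on stdin and print
# "user scheme" for every unlocked account not hashed with scheme WANT.
audit_passwd() {
    while IFS=: read -r user hash _rest; do
        case "$user" in ''|'#'*) continue ;; esac
        scheme=$(classify_hash "$hash")
        case "$scheme" in
            locked|"$1") ;;
            *) echo "$user $scheme" ;;
        esac
    done
}

# Constructed sample input; the hash strings are placeholders, not real hashes.
sample_master_passwd() {
    cat <<'EOF'
# constructed sample in master.passwd(5) layout
root:$1$SALTSALT$0123456789abcdefghijkl:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
admin:$2a$04$PLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOL:1001:1001::0:0:Admin:/home/admin:/bin/sh
olduser:XXabcdefghijk:1002:1002::0:0:Old user:/home/olduser:/bin/sh
EOF
}

# After setting passwd_format=blf and changing passwords, anything listed
# here still carries a hash in another format.
sample_master_passwd | audit_passwd blf
```

On a live system the same check runs as root with `audit_passwd blf < /etc/master.passwd`; an account only moves to the new format once its password is changed.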