Date: Fri, 8 Jun 2012 15:00:30 +0200 From: Lars Engels <lars.engels@0x20.net> To: freebsd-security@freebsd.org Subject: Re: Default password hash Message-ID: <20120608130030.GI5592@e-new.0x20.net> In-Reply-To: <86r4tqotjo.fsf@ds4.des.no> References: <86r4tqotjo.fsf@ds4.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Fri, Jun 08, 2012 at 02:51:55PM +0200, Dag-Erling Smørgrav wrote: > We still have MD5 as our default password hash, even though known-hash > attacks against MD5 are relatively easy these days. We've supported > SHA256 and SHA512 for many years now, so how about making SHA512 the > default instead of MD5, like on most Linux distributions? > > Index: etc/login.conf > =================================================================== > --- etc/login.conf (revision 236616) > +++ etc/login.conf (working copy) > @@ -23,7 +23,7 @@ > # AND SEMANTICS'' section of getcap(3) for more escape sequences). > > default:\ > - :passwd_format=md5:\ > + :passwd_format=sha512:\ > :copyright=/etc/COPYRIGHT:\ > :welcome=/etc/motd:\ > :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\ > +1 [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAk/R924ACgkQKc512sD3afiqJACfflg3ODaEBe71+X4LS46fkzz+ gdMAn3hEL8Hb7Q30pviOjtJqPmjqEaaA =OxAF -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120608130030.GI5592>