Date: Fri, 8 Jun 2012 15:00:30 +0200 From: Lars Engels <lars.engels@0x20.net> To: freebsd-security@freebsd.org Subject: Re: Default password hash Message-ID: <20120608130030.GI5592@e-new.0x20.net> In-Reply-To: <86r4tqotjo.fsf@ds4.des.no> References: <86r4tqotjo.fsf@ds4.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
--RxUQJxD9bT7Ys92M Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jun 08, 2012 at 02:51:55PM +0200, Dag-Erling Sm=C3=B8rgrav wrote: > We still have MD5 as our default password hash, even though known-hash > attacks against MD5 are relatively easy these days. We've supported > SHA256 and SHA512 for many years now, so how about making SHA512 the > default instead of MD5, like on most Linux distributions? >=20 > Index: etc/login.conf > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- etc/login.conf (revision 236616) > +++ etc/login.conf (working copy) > @@ -23,7 +23,7 @@ > # AND SEMANTICS'' section of getcap(3) for more escape sequences). >=20 > default:\ > - :passwd_format=3Dmd5:\ > + :passwd_format=3Dsha512:\ > :copyright=3D/etc/COPYRIGHT:\ > :welcome=3D/etc/motd:\ > :setenv=3DMAIL=3D/var/mail/$,BLOCKSIZE=3DK,FTP_PASSIVE_MODE=3DYES= :\ >=20 +1 --RxUQJxD9bT7Ys92M Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAk/R924ACgkQKc512sD3afiqJACfflg3ODaEBe71+X4LS46fkzz+ gdMAn3hEL8Hb7Q30pviOjtJqPmjqEaaA =OxAF -----END PGP SIGNATURE----- --RxUQJxD9bT7Ys92M--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120608130030.GI5592>