Date: Sat, 23 Jun 2012 09:05:46 -0700
From: Devin Teske <devin.teske@fisglobal.com>
To: "Christopher J. Ruwe" <cjr@cruwe.de>
Cc: freebsd-questions@freebsd.org
Subject: Re: changing md5 hashed for sha
Message-ID: <8B1072EE-6143-4E1E-B951-373C8877D007@fisglobal.com>
In-Reply-To: <20120623153710.36e7446f@dijkstra.cruwe.de>
References: <20120623153710.36e7446f@dijkstra.cruwe.de>

On Jun 23, 2012, at 6:37 AM, Christopher J. Ruwe wrote:

> For setting the default hash used to hash /etc/master.passwd, it has
> been recommended changing md5 for something more secure in the sense of
> being more expensive to crack.
>
> The handbook describes the procedure used in
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/crypt.html.
> Allegedly, hashes which were hashed with one of the sha-functions begin
> with the character $6$.
>

Unfortunately, it appears that login.conf is ignored by pw w/respect to group(5) passwords.

Example Given:

Setting passwd_format=blf in login.conf(5) followed by executing:

	echo newpass | sudo pw usermod SOMEUSER -h 0
	sudo grep '^SOMEUSER:' /etc/master.passwd
	# shows Blowfish hash starting with $2a$, meanwhile...
	echo newpass | sudo pw groupmod SOMEGROUP -h 0
	grep '^SOMEGROUP:' /etc/group
	# shows login.conf(5) was ignored and an old-style crypt password (2-letter salt; 8-character max password) :(

-- 
Devin

_____________
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.
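
Added example (not part of the original message, and not code from FreeBSD): a small sh/awk audit that classifies the hash scheme in field 2 of master.passwd- and group-style files and lists the entries still in the old-style crypt or md5 format discussed above. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Audit the hash scheme stored in field 2 of passwd(5)/group(5)-style files.

# classify_hashes [FILE...]: print "name scheme" for each entry with a hash.
# Reads standard input when no file is given.
classify_hashes() {
    awk -F: '
        /^#/ || NF < 2 { next }
        {
            h = $2
            # Empty or "*"-prefixed fields hold no usable password hash.
            if (h == "" || substr(h, 1, 1) == "*") next
            if      (substr(h, 1, 3) == "$1$") s = "md5"
            else if (substr(h, 1, 2) == "$2")  s = "blowfish"
            else if (substr(h, 1, 3) == "$5$") s = "sha256"
            else if (substr(h, 1, 3) == "$6$") s = "sha512"
            # Old-style crypt: exactly 13 characters, 2-letter salt first.
            else if (length(h) == 13 && h ~ "^[./0-9A-Za-z]+$") s = "des"
            else s = "unknown"
            print $1, s
        }' "$@"
}

# weak_entries [FILE...]: keep only the schemes the thread wants replaced.
weak_entries() {
    classify_hashes "$@" | awk '$2 == "des" || $2 == "md5"'
}

# Constructed sample: one master.passwd-style line, three group-style lines.
sample_entries() {
    cat <<'EOF'
# constructed data, not real hashes
someuser:$2a$04$ConstructedSaltAndHashValueForTheExampleOnly012345678:1001:1001::0:0:Some User:/home/someuser:/bin/sh
somegroup:ab1Xy2Zw3Qv4U:1002:someuser
wheel:*:0:root
oldgroup:$1$constsal$ConstructedMd5Hash0123:1003:
EOF
}

sample_entries | weak_entries
```

On a live system the same check is `weak_entries /etc/master.passwd /etc/group`, run by a user allowed to read master.passwd.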