Date: Sat, 9 Jun 2012 21:45:20 +0000 (UTC)
From: Benedict Reuschling <bcr@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r39015 - head/en_US.ISO8859-1/books/handbook/security
Message-ID: <201206092145.q59LjKwk055695@svn.freebsd.org>
Author: bcr Date: Sat Jun 9 21:45:20 2012 New Revision: 39015 URL: http://svn.freebsd.org/changeset/doc/39015 Log: Update the section about user account hashes with two additional supported hash functions that can be used: SHA256 and SHA512. Also document how these are stored in the master.passwd file. Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.sgml Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.sgml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/security/chapter.sgml Sat Jun 9 13:54:08 2012 (r39014) +++ head/en_US.ISO8859-1/books/handbook/security/chapter.sgml Sat Jun 9 21:45:20 2012 (r39015) @@ -1037,7 +1037,7 @@ <!-- 21 Mar 2000 --> </sect1info> - <title>DES, Blowfish, MD5, and Crypt</title> + <title>DES, Blowfish, MD5, SHA256, SHA512, and Crypt</title> <indexterm> <primary>security</primary> @@ -1048,6 +1048,8 @@ <indexterm><primary>Blowfish</primary></indexterm> <indexterm><primary>DES</primary></indexterm> <indexterm><primary>MD5</primary></indexterm> + <indexterm><primary>SHA256</primary></indexterm> + <indexterm><primary>SHA512</primary></indexterm> <para>Every user on a &unix; system has a password associated with their account. It seems obvious that these passwords need to be @@ -1081,8 +1083,8 @@ <sect2> <title>Recognizing Your Crypt Mechanism</title> - <para>Currently the library supports DES, MD5 and Blowfish hash - functions. By default &os; uses MD5 to encrypt + <para>Currently the library supports DES, MD5, Blowfish, SHA256, + and SHA512 hash functions. By default &os; uses MD5 to encrypt passwords.</para> <para>It is pretty easy to identify which encryption method &os; 
@@ -1097,13 +1099,16 @@ than MD5 passwords, and are coded in a 64-character alphabet which does not include the <literal>$</literal> character, so a relatively short string which does not begin - with a dollar sign is very likely a DES password.</para> + with a dollar sign is very likely a DES password. Both SHA256 + and SHA512 begin with the characters + <literal>$6$</literal>.</para> <para>The password format used for new passwords is controlled by the <literal>passwd_format</literal> login capability in <filename>/etc/login.conf</filename>, which takes values of - <literal>des</literal>, <literal>md5</literal> or - <literal>blf</literal>. See the &man.login.conf.5; manual + <literal>des</literal>, <literal>md5</literal>, + <literal>blf</literal>, <literal>sha256</literal> or + <literal>sha512</literal>. See the &man.login.conf.5; manual page for more information about login capabilities.</para> </sect2> </sect1>
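Review bot: In the @@ -1081,8 +1083,8 @@ hunk, the rewritten sentence calls DES, MD5, Blowfish, SHA256 and SHA512 "hash functions" and then says &os; uses MD5 "to encrypt passwords". These are one-way hashes, so "to hash passwords" would be consistent within the sentence. The following paragraph's "which encryption method" has the same wording problem and could be fixed in the same pass. Since the line is being touched anyway, it would also help to say that the default is whatever passwd_format in /etc/login.conf selects, which the last hunk documents.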
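Review bot: The sentence added in the @@ -1097,13 +1099,16 @@ hunk says both SHA256 and SHA512 hashes begin with <literal>$6$</literal>, which would make the two formats indistinguishable in master.passwd and does not match crypt(3): the SHA256 prefix is <literal>$5$</literal> and only SHA512 uses <literal>$6$</literal>. Suggest "SHA256 hashes begin with <literal>$5$</literal> and SHA512 hashes begin with <literal>$6$</literal>". The unchanged context above still describes DES strings only as shorter "than MD5 passwords", so the paragraph could also note that the SHA strings follow the same dollar-sign-delimited layout.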