From owner-freebsd-security@FreeBSD.ORG Sun Jun 10 22:26:41 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E6DAA106564A for ; Sun, 10 Jun 2012 22:26:41 +0000 (UTC) (envelope-from oliver.pntr@gmail.com) Received: from mail-gh0-f182.google.com (mail-gh0-f182.google.com [209.85.160.182]) by mx1.freebsd.org (Postfix) with ESMTP id A17138FC0C for ; Sun, 10 Jun 2012 22:26:41 +0000 (UTC) Received: by ghbz22 with SMTP id z22so2376498ghb.13 for ; Sun, 10 Jun 2012 15:26:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=KB9c3brSaXcL4Q0fPpQNAaPLa/gAa/wbiuvnkQg1/Mw=; b=tKvw+r8JiDDmAppvYkuAIIJDgtMd0pZvJFM9RwHYHAxNWzeozoQIkGCIvj+8HVb+/b IYR93yL6LVq/VwMIupCPa24l+coNfxwzN9lnUWNIqrP4nCrQ9/EPUPsdTiR46/CS/TUe 4aZjYoisU/KaN6pJKMxKLYz4Y4oba0rgbQLHFDSRd3F3293BzGq6SrkzD40pFKvYGUi7 KWk4V/Go5XYDset9vMDuSVhkInhrKLbTSPv0iJ0oE/dk2IUIEYAPRij99j8wzxaVqYXP LCQRD+/IeryGVj4Yle7bE+Mpb/1WwK/6ph3FmK/1eam/P0ON8X3/SR7d2DjZDcmWkn2p nIVQ== MIME-Version: 1.0 Received: by 10.236.201.199 with SMTP id b47mr17640415yho.44.1339367195102; Sun, 10 Jun 2012 15:26:35 -0700 (PDT) Received: by 10.236.46.233 with HTTP; Sun, 10 Jun 2012 15:26:35 -0700 (PDT) In-Reply-To: <86r4tqotjo.fsf@ds4.des.no> References: <86r4tqotjo.fsf@ds4.des.no> Date: Mon, 11 Jun 2012 00:26:35 +0200 Message-ID: From: Oliver Pinter To: =?ISO-8859-1?Q?Dag=2DErling_Sm=F8rgrav?= Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org Subject: [Re: Default password hash] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Jun 2012 22:26:42 -0000 On 6/8/12, Dag-Erling Sm=F8rgrav wrote: > We still have MD5 as our default password hash, even though known-hash > attacks against MD5 are relatively easy these days. We've supported > SHA256 and SHA512 for many years now, so how about making SHA512 the > default instead of MD5, like on most Linux distributions? > > Index: etc/login.conf > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- etc/login.conf (revision 236616) > +++ etc/login.conf (working copy) > @@ -23,7 +23,7 @@ > # AND SEMANTICS'' section of getcap(3) for more escape sequences). > > default:\ > - :passwd_format=3Dmd5:\ > + :passwd_format=3Dsha512:\ > :copyright=3D/etc/COPYRIGHT:\ > :welcome=3D/etc/motd:\ > :setenv=3DMAIL=3D/var/mail/$,BLOCKSIZE=3DK,FTP_PASSIVE_MODE=3DYES= :\ > > DES > -- > Dag-Erling Sm=F8rgrav - des@des.no > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or= g" >