From: Maxim Khitrov
Date: Fri, 8 Jun 2012 09:06:12 -0400
To: Dag-Erling Smørgrav
Cc: freebsd-security@freebsd.org
Subject: Re: Default password hash
In-Reply-To: <86r4tqotjo.fsf@ds4.des.no>

On Fri, Jun 8, 2012 at 8:51 AM, Dag-Erling Smørgrav wrote:
> We still have MD5 as our default password hash, even though known-hash
> attacks against MD5 are relatively easy these days. We've supported
> SHA256 and SHA512 for many years now, so how about making SHA512 the
> default instead of MD5, like on most Linux distributions?

If SHA-2 hashes have been supported for many years, why haven't the man
pages been updated? login.conf(5) on 9.0-RELEASE still only lists "des",
"md5", and "blf". I've been using the latter on my systems.

- Max
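
Added example, not part of the original message or of FreeBSD itself: a small sh audit that classifies master.passwd-style password fields by their crypt(3) prefix and lists accounts still on "md5" or "des", the formats the thread wants to move away from. The function names and the sample file are constructed for illustration; treating any field without a "$" prefix as DES is an assumption.

```sh
#!/bin/sh
# Map one password field to a scheme name using the crypt(3) prefix convention.
classify_hash() {
    case "$1" in
        '')                  echo empty ;;    # no password set
        '*'*|'!'*)           echo locked ;;   # "*", "*LOCKED*...", etc.
        '$1$'*)              echo md5 ;;
        '$2$'*|'$2'?'$'*)    echo blf ;;      # Blowfish ($2$, $2a$, ...)
        '$5$'*)              echo sha256 ;;
        '$6$'*)              echo sha512 ;;
        '$'*)                echo unknown ;;
        *)                   echo des ;;      # assumption: no "$" prefix means DES
    esac
}

# Read master.passwd-format lines on stdin; print "user scheme" for every
# account whose stored hash is md5 or des.
audit_weak() {
    while IFS=: read -r user hash _rest; do
        case "$user" in ''|'#'*) continue ;; esac   # skip blanks and comments
        scheme=$(classify_hash "$hash")
        case "$scheme" in
            md5|des) printf '%s %s\n' "$user" "$scheme" ;;
        esac
    done
}

# Constructed sample input; the hash fields are placeholders, not real hashes.
sample_master_passwd() {
    cat <<'EOF'
# constructed sample, not real hashes
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:0:0::0:0:Charlie &:/root:/bin/csh
alice:$1$CONSTRSALT$CONSTRUCTEDHASH:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$2a$04$CONSTRUCTEDSALTANDHASH:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:abCONSTRUCTED:1003:1003::0:0:Carol:/home/carol:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
EOF
}

sample_master_passwd | audit_weak
```

On a real system the input would be /etc/master.passwd read as root. Changing passwd_format in login.conf does not rehash existing entries, so listed accounts keep their old hash until the password is next changed.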