Date: Sat, 9 Jun 2012 00:01:57 -0400 From: Robert Simmons <rsimmons0@gmail.com> To: freebsd-security@freebsd.org Subject: Re: Default password hash Message-ID: <CA%2BQLa9Cu5p9PWLp%2BqojdkXSsKvJKKVZ%2BGJCKF=%2BH1DVVbtE0hg@mail.gmail.com> In-Reply-To: <CAJcQMWdMp-ATdTzq6CNcy6dAUzZ98w2snT=u_cM=qLvQznAn_w@mail.gmail.com> References: <86r4tqotjo.fsf@ds4.des.no> <CAJcQMWdMp-ATdTzq6CNcy6dAUzZ98w2snT=u_cM=qLvQznAn_w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jun 8, 2012 at 9:06 AM, Maxim Khitrov <max@mxcrypt.com> wrote: > On Fri, Jun 8, 2012 at 8:51 AM, Dag-Erling Sm=F8rgrav <des@des.no> wrote: >> We still have MD5 as our default password hash, even though known-hash >> attacks against MD5 are relatively easy these days. =A0We've supported >> SHA256 and SHA512 for many years now, so how about making SHA512 the >> default instead of MD5, like on most Linux distributions? > > If SHA-2 hashes have been supported for many years, why haven't the > man pages been updated? login.conf(5) on 9.0-RELEASE still only lists > "des", "md5", and "blf". I've been using the latter on my systems. Yes, I think at least listing all the supported algorithms in the login.conf man page is of utmost importance. I've been using blowfish since it was introduced to FreeBSD over 12 years ago, but I had no idea that any other algorithms were possible/available until now.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BQLa9Cu5p9PWLp%2BqojdkXSsKvJKKVZ%2BGJCKF=%2BH1DVVbtE0hg>