From owner-freebsd-security@FreeBSD.ORG Sun Jan 4 04:11:43 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2B9BE106566B for ; Sun, 4 Jan 2009 04:11:43 +0000 (UTC) (envelope-from mike@sentex.net) Received: from smarthost1.sentex.ca (smarthost1.sentex.ca [64.7.153.18]) by mx1.freebsd.org (Postfix) with ESMTP id E7B6B8FC16 for ; Sun, 4 Jan 2009 04:11:42 +0000 (UTC) (envelope-from mike@sentex.net) Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by smarthost1.sentex.ca (8.14.3/8.14.3) with ESMTP id n043kSmb058011; Sat, 3 Jan 2009 22:46:28 -0500 (EST) (envelope-from mike@sentex.net) Received: from mdt-xp.sentex.net (simeon.sentex.ca [192.168.43.27]) by lava.sentex.ca (8.13.8/8.13.3) with ESMTP id n043kRCJ000646 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 3 Jan 2009 22:46:27 -0500 (EST) (envelope-from mike@sentex.net) Message-Id: <200901040346.n043kRCJ000646@lava.sentex.ca> X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Sat, 03 Jan 2009 22:46:25 -0500 To: "O. Hartmann" , freebsd-security@freebsd.org From: Mike Tancsa In-Reply-To: <495FDC97.4090301@mail.zedat.fu-berlin.de> References: <495FDC97.4090301@mail.zedat.fu-berlin.de> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Scanned-By: MIMEDefang 2.64 on 64.7.153.18 Cc: Subject: Re: MD5 vs. SHA1 hashed passwords in /etc/master.passwd: can we configure SHA1 in /etc/login.conf? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Jan 2009 04:11:43 -0000 At 04:45 PM 1/3/2009, O. Hartmann wrote: >followed by a obligatory "cap_mkdb" seems to do something - changing >root's password results in different hashes when selecting different >hash algorithms like des, md5, sha1, blf or even sha256. > >Well, I never digged deep enough into the source code to reveal the >magic and truth, so I will ask here for some help. Is it possible to >change the md5-algorithm by default towards sha1 as recommended after >the md5-collisions has been published? Are you sure sha1 is supported ? It looks like if you put in something not understood in the login.conf file, it defaults to what appears to be DES. ---Mike >Thanks in advance, >Oliver >_______________________________________________ >freebsd-security@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"