From: Maxim Khitrov
Date: Tue, 19 Jun 2012 10:15:18 -0400
To: ian ivy
Cc: freebsd-security@freebsd.org
Subject: Re: Default password encryption method.

On Tue, Jun 19, 2012 at 10:10 AM, ian ivy wrote:
> Hello,
>
> By default FreeBSD uses MD5 to encrypt passwords. MD5 is believed to be
> more secure than e.g. DES but less than e.g. SHA512. Currently several
> major Linux distributions use a SHA512 mechanism. Suse Linux also offers
> Blowfish.
>
> Some Debian based distributions use an MD5-based algorithm compatible with
> the one used by recent releases of FreeBSD - but mostly this variable
> (*MD5_CRYPT_ENAB*) is deprecated, and a SHA512-based algorithm is used.
>
> Of course, in FreeBSD we can change MD5 to, for example, BLF,
> but would it not be a better solution to use SHA512 by default?

This has been discussed recently in the following thread:

http://lists.freebsd.org/pipermail/freebsd-security/2012-June/006271.html

- Max
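
An added example, not part of the thread: changing the default scheme (for instance through `passwd_format` in `/etc/login.conf`) only affects passwords set afterwards, so existing entries keep their old hash until the password is changed. The Python below classifies the password field of master.passwd-format lines by crypt(3) prefix and lists accounts still on another scheme; `classify`, `audit` and the sample entries are hypothetical names and constructed values.

```python
# Added example: report accounts whose stored hash is not the desired scheme.
# SAMPLE is constructed; the salt/hash strings are placeholders, not real hashes.
SAMPLE = """\
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
alice:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:*LOCKED*$2a$04$CONSTRUCTEDSALTANDHASH:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:XXXXXXXXXXXXX:1003:1003::0:0:Carol:/home/carol:/bin/sh
"""

# crypt(3) modular-format prefixes, most specific first.
SCHEMES = [("$1$", "md5"), ("$2", "blf"), ("$3$", "nth"),
           ("$5$", "sha256"), ("$6$", "sha512"), ("_", "des-extended")]
LOCK_PREFIX = "*LOCKED*"  # prepended to the hash by pw(8) lock


def classify(pw_field):
    """Return (scheme, locked) for the password field of one entry."""
    locked = pw_field.startswith(LOCK_PREFIX)
    if locked:
        pw_field = pw_field[len(LOCK_PREFIX):]
    if pw_field == "":
        return ("locked-only" if locked else "empty", locked)
    if pw_field.startswith("*"):
        return ("no-login", locked)
    for prefix, name in SCHEMES:
        if pw_field.startswith(prefix):
            return (name, locked)
    # Traditional DES has no prefix: 2 salt chars + 11 hash chars.
    return ("des" if len(pw_field) == 13 else "unknown", locked)


def audit(lines, wanted="sha512"):
    """Return {user: scheme} for accounts not yet hashed with `wanted`."""
    stale = {}
    for line in lines:
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) != 10:
            continue  # comment, blank or malformed line
        scheme, _locked = classify(fields[1])
        if scheme not in (wanted, "no-login", "locked-only"):
            stale[fields[0]] = scheme
    return stale


if __name__ == "__main__":
    for user, scheme in audit(SAMPLE.splitlines()).items():
        print(f"{user}: {scheme}")
```

On a real system the input would be `/etc/master.passwd`, which is readable only by root.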