From: emu
X-Sender: emu@karma.emu.so
Date: Sat, 09 Jun 2012 00:04:25 -0400
Subject: Re: Default password hash
References: <86r4tqotjo.fsf@ds4.des.no>
List-Id: "Security issues [members-only posting]"
X-BeenThere: freebsd-security@freebsd.org

On 2012-06-09 00:01, Robert Simmons wrote:
> On Fri, Jun 8, 2012 at 9:06 AM, Maxim Khitrov wrote:
>> On Fri, Jun 8, 2012 at 8:51 AM, Dag-Erling Smørgrav wrote:
>>> We still have MD5 as our default password hash, even though known-hash
>>> attacks against MD5 are relatively easy these days.  We've supported
>>> SHA256 and SHA512 for many years now, so how about making SHA512 the
>>> default instead of MD5, like on most Linux distributions?
>>
>> If SHA-2 hashes have been supported for many years, why haven't the
>> man pages been updated? login.conf(5) on 9.0-RELEASE still only lists
>> "des", "md5", and "blf". I've been using the latter on my systems.
>
> Yes, I think at least listing all the supported algorithms in the
> login.conf man page is of utmost importance. I've been using blowfish
> since it was introduced to FreeBSD over 12 years ago, but I had no
> idea that any other algorithms were possible/available until now.

It was listed with 9.0. Change /etc/login.conf from md5 to sha512, then
cap_mkdb /etc/login.conf, and then passwd root/users for effect. As in a
previous post, I'm not sure the /etc/auth.conf is necessary.
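
Editor's added example, not part of the message above or of FreeBSD: changing the format in /etc/login.conf only affects passwords set afterwards, which is why the reply ends with running passwd, so a follow-up check is to list accounts whose stored hash still uses the old scheme. The function names and the sample file are constructed for illustration; the prefixes are the standard crypt(3) ones ($1$ MD5, $2 Blowfish, $5$ SHA256, $6$ SHA512).

```shell
#!/bin/sh
# Added example: find accounts still carrying a pre-change password hash.

# Constructed sample in master.passwd(5) layout; every hash here is fake.
sample_master_passwd() {
    cat <<'EOF'
# name:password:uid:gid:class:change:expire:gecos:home:shell
root:$1$CONSTRUCTED$notarealmd5hash:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
alice:$6$CONSTRUCTED$notarealsha512hash:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$2a$04$CONSTRUCTEDnotarealblfhash:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:XXconstructed:1003:1003::0:0:Carol:/home/carol:/bin/sh
EOF
}

# hash_schemes FILE: print "user scheme" for each account that has a hash.
hash_schemes() {
    awk -F: '
        /^#/ || NF < 2 { next }                     # comments, malformed lines
        $2 == ""       { print $1, "empty"; next }  # no password set at all
        $2 ~ /^\*/     { next }                     # "*" or "*LOCKED*": skipped
        $2 ~ /^\$1\$/  { print $1, "md5"; next }
        $2 ~ /^\$2/    { print $1, "blf"; next }
        $2 ~ /^\$5\$/  { print $1, "sha256"; next }
        $2 ~ /^\$6\$/  { print $1, "sha512"; next }
        $2 !~ /^\$/ && length($2) == 13 { print $1, "des"; next }
        { print $1, "unknown" }
    ' "$1"
}

# stale_accounts FILE [WANTED]: users whose hash is not the WANTED scheme
# (default sha512). These still need a password change to be rehashed.
stale_accounts() {
    hash_schemes "$1" | awk -v want="${2:-sha512}" '$2 != want { print $1 }'
}

# Demo on the constructed sample; on a real system, run as root against
# /etc/master.passwd instead.
tmp=$(mktemp) && sample_master_passwd > "$tmp"
stale_accounts "$tmp"
rm -f "$tmp"
```

Accounts marked `*` or `*LOCKED*` are skipped because they cannot log in with a password; a locked account may still carry an old hash that becomes usable if it is unlocked.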