Date: Tue, 19 Jun 2012 19:14:00 +0100 From: "Simon L. B. Nielsen" <simon@FreeBSD.org> To: Maxim Khitrov <max@mxcrypt.com> Cc: freebsd-security@freebsd.org, ian ivy <sidetripping@gmail.com> Subject: Re: Default password encryption method. Message-ID: <CAC8HS2FAzkLiN1Km-hCSWV9wWvm40tmqsA=61NDEA0WnnkswjQ@mail.gmail.com> In-Reply-To: <CAJcQMWfrVbDUOp0-Qi48V0kBrwrHx8P98XX7U3NASLY08RKEmA@mail.gmail.com> References: <CAASvXNt7oT4g9YaNtMyheMkFyb_0ASfD-ErvCfJBRpuPqkrEwQ@mail.gmail.com> <CAJcQMWfrVbDUOp0-Qi48V0kBrwrHx8P98XX7U3NASLY08RKEmA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jun 19, 2012 3:16 PM, "Maxim Khitrov" <max@mxcrypt.com> wrote: > > On Tue, Jun 19, 2012 at 10:10 AM, ian ivy <sidetripping@gmail.com> wrote: > > Hello, > > > > By default FreeBSD uses MD5 to encrypt passwords. MD5 is believed to be > > more secure than e.g. DES but less than e.g. SHA512. Currently several > > major Linux distributions, uses a SHA512 mechanism. Suse Linux also offers > > a blowfish. > > > > Some Debian based distributions use MD5-based algorithm compatible with the > > one > > used by recent releases of FreeBSD - but mostly this variable (* > > MD5_CRYPT_ENAB*) > > is deprecated, and SHA512-based algorithm is used. > > > > Of course, in FreeBSD we can change the MD5 for example to BLF, > > but, it will be not a better solution to use SHA512 by default? > > This has been discussed recently in the following thread: > > http://lists.freebsd.org/pipermail/freebsd-security/2012-June/006271.html The FreeBSD Security Team is also looking at (/poking people to look at) solutions which will improve the the time it takes to brute force passwords significantly more. -- Simon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAC8HS2FAzkLiN1Km-hCSWV9wWvm40tmqsA=61NDEA0WnnkswjQ>