From owner-freebsd-security@FreeBSD.ORG  Fri Jun  8 14:48:53 2012
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id DCAB51065672
	for <freebsd-security@freebsd.org>;
	Fri,  8 Jun 2012 14:48:53 +0000 (UTC)
	(envelope-from ohartman@zedat.fu-berlin.de)
Received: from outpost1.zedat.fu-berlin.de (outpost1.zedat.fu-berlin.de
	[130.133.4.66]) by mx1.freebsd.org (Postfix) with ESMTP id 9604C8FC1C
	for <freebsd-security@freebsd.org>;
	Fri,  8 Jun 2012 14:48:53 +0000 (UTC)
Received: from inpost2.zedat.fu-berlin.de ([130.133.4.69])
	by outpost1.zedat.fu-berlin.de (Exim 4.69)
	for freebsd-security@freebsd.org with esmtp
	(envelope-from <ohartman@zedat.fu-berlin.de>)
	id <1Sd0UY-00086D-Ts>; Fri, 08 Jun 2012 16:48:46 +0200
Received: from munin.geoinf.fu-berlin.de ([130.133.86.110])
	by inpost2.zedat.fu-berlin.de (Exim 4.69)
	for freebsd-security@freebsd.org with esmtpsa
	(envelope-from <ohartman@zedat.fu-berlin.de>)
	id <1Sd0UY-0003h7-RU>; Fri, 08 Jun 2012 16:48:46 +0200
Message-ID: <4FD210CB.6030000@zedat.fu-berlin.de>
Date: Fri, 08 Jun 2012 16:48:43 +0200
From: "Hartmann, O." <ohartman@zedat.fu-berlin.de>
Organization: FU Berlin
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
	rv:12.0) Gecko/20120602 Thunderbird/12.0.1
MIME-Version: 1.0
To: freebsd-security@freebsd.org
References: <86r4tqotjo.fsf@ds4.des.no>
	<CAJcQMWdMp-ATdTzq6CNcy6dAUzZ98w2snT=u_cM=qLvQznAn_w@mail.gmail.com>
In-Reply-To: <CAJcQMWdMp-ATdTzq6CNcy6dAUzZ98w2snT=u_cM=qLvQznAn_w@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Originating-IP: 130.133.86.110
Subject: Re: Default password hash
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jun 2012 14:48:53 -0000

On 06/08/12 15:06, Maxim Khitrov wrote:
> On Fri, Jun 8, 2012 at 8:51 AM, Dag-Erling Smørgrav <des@des.no> wrote:
>> We still have MD5 as our default password hash, even though known-hash
>> attacks against MD5 are relatively easy these days.  We've supported
>> SHA256 and SHA512 for many years now, so how about making SHA512 the
>> default instead of MD5, like on most Linux distributions?
> 
> If SHA-2 hashes have been supported for many years, why haven't the
> man pages been updated? login.conf(5) on 9.0-RELEASE still only lists
> "des", "md5", and "blf". I've been using the latter on my systems.
> 
> - Max
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


I asked similar things once:

http://lists.freebsd.org/pipermail/freebsd-security/2009-January/005072.html

I use "blf" since then. I hear the first time FreeBSD is supporting
SHA256 and SHA512.


Oliver