From owner-freebsd-security@FreeBSD.ORG Sun Jan 4 06:25:32 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E0C57106566B for ; Sun, 4 Jan 2009 06:25:32 +0000 (UTC) (envelope-from stas@FreeBSD.org) Received: from mx0.deglitch.com (backbone.deglitch.com [IPv6:2001:16d8:fffb:4::abba]) by mx1.freebsd.org (Postfix) with ESMTP id 936F58FC12 for ; Sun, 4 Jan 2009 06:25:32 +0000 (UTC) (envelope-from stas@FreeBSD.org) Received: from DSPAM-Daemon (localhost [127.0.0.1]) by mx0.deglitch.com (Postfix) with SMTP id AE2A68FC4F for ; Sun, 4 Jan 2009 09:25:30 +0300 (MSK) Received: from orion.SpringDaemons.com (drsun1.dialup.corbina.ru [85.21.245.235]) by mx0.deglitch.com (Postfix) with ESMTPA id DC5A08FC4E; Sun, 4 Jan 2009 09:25:29 +0300 (MSK) Received: from orion (localhost [127.0.0.1]) by orion.SpringDaemons.com (Postfix) with SMTP id 25E223996C; Sun, 4 Jan 2009 09:27:53 +0300 (MSK) Date: Sun, 4 Jan 2009 09:27:44 +0300 From: Stanislav Sedov To: "O. Hartmann" Message-Id: <20090104092744.e0971330.stas@FreeBSD.org> In-Reply-To: <495FDC97.4090301@mail.zedat.fu-berlin.de> References: <495FDC97.4090301@mail.zedat.fu-berlin.de> Organization: The FreeBSD Project X-XMPP: ssedov@jabber.ru X-Voice: +7 916 849 20 23 X-PGP-Fingerprint: F21E D6CC 5626 9609 6CE2 A385 2BF5 5993 EB26 9581 X-Mailer: carrier-pigeon Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-DSPAM-Result: Innocent X-DSPAM-Processed: Sun Jan 4 09:25:30 2009 X-DSPAM-Confidence: 1.0000 X-DSPAM-Improbability: 1 in 98689409 chance of being spam X-DSPAM-Probability: 0.0023 X-DSPAM-Signature: 4960565a967008001220501 Cc: freebsd-security@freebsd.org Subject: Re: MD5 vs. SHA1 hashed passwords in /etc/master.passwd: can we configure SHA1 in /etc/login.conf? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Jan 2009 06:25:33 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 03 Jan 2009 22:45:59 +0100 "O. Hartmann" mentioned: > MD5 seems to be compromised by potential collision attacks. So I tried > to figure out how I can use another hash for security purposes when > hashing passwords for local users on a FreeBSD 7/8 box, like root or > local box administration. Looking at man login.conf reveals only three > possible hash algorithms selectable: md5 (recommended), des and blf. > Changing /etc/login.conf's tag > > default:\ > :passwd_format=sha1:\ > > > followed by a obligatory "cap_mkdb" seems to do something - changing > root's password results in different hashes when selecting different > hash algorithms like des, md5, sha1, blf or even sha256. > > Well, I never digged deep enough into the source code to reveal the > magic and truth, so I will ask here for some help. Is it possible to > change the md5-algorithm by default towards sha1 as recommended after > the md5-collisions has been published? > The default hash format can be configured via auth.conf(5) file. AFAIK, md5, des, blowfish and nthash are supported currently. BTW, I don't think that recently discovered collisions in md5 algoritm can compromise system passwords, as crypt(3) md5 scheme doesn't store the plain md5 sums, but result of a number of md5 computations over a salted password string. Of course, being able to find hash collisions can speedup the brute-force attack a bit, but this had to be proven first... - -- Stanislav Sedov ST4096-RIPE -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAklgVukACgkQK/VZk+smlYFurQCeOobQDi6tCbJ9ZeK8V5aUAY3O mMoAoIKvPDKvN1oogSWyGhYln3jCFWgX =NZZk -----END PGP SIGNATURE----- !DSPAM:4960565a967008001220501!