Date:      Sat, 9 Jun 2012 11:08:07 -0400
From:      Jason Hellenthal <jhellenthal@dataix.net>
To:        emu <emu@karma.emu.so>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Default password hash
Message-ID:  <20120609150807.GA68456@DataIX.net>
In-Reply-To: <a5d65d681aab65c66945eab6987673a2@karma.emu.so>
References:  <86r4tqotjo.fsf@ds4.des.no> <CAJcQMWdMp-ATdTzq6CNcy6dAUzZ98w2snT=u_cM=qLvQznAn_w@mail.gmail.com> <CA%2BQLa9Cu5p9PWLp%2BqojdkXSsKvJKKVZ%2BGJCKF=%2BH1DVVbtE0hg@mail.gmail.com> <a5d65d681aab65c66945eab6987673a2@karma.emu.so>



On Sat, Jun 09, 2012 at 12:04:25AM -0400, emu wrote:
> On 2012-06-09 00:01, Robert Simmons wrote:
> > On Fri, Jun 8, 2012 at 9:06 AM, Maxim Khitrov <max@mxcrypt.com> wrote:
> >> On Fri, Jun 8, 2012 at 8:51 AM, Dag-Erling Smørgrav <des@des.no> wrote:
> >>> We still have MD5 as our default password hash, even though known-hash
> >>> attacks against MD5 are relatively easy these days.  We've supported
> >>> SHA256 and SHA512 for many years now, so how about making SHA512 the
> >>> default instead of MD5, like on most Linux distributions?
> >>
> >> If SHA-2 hashes have been supported for many years, why haven't the
> >> man pages been updated? login.conf(5) on 9.0-RELEASE still only lists
> >> "des", "md5", and "blf". I've been using the latter on my systems.
> >
> > Yes, I think at least listing all the supported algorithms in the
> > login.conf man page is of utmost importance.  I've been using blowfish
> > since it was introduced to FreeBSD over 12 years ago, but I had no
> > idea that any other algorithms were possible/available until now.

> It was listed with 9.0. Change /etc/login.conf from md5 to sha512,
> then cap_mkdb /etc/login.conf, and then passwd root/users for effect. As
> a previous post, I'm not sure the /etc/auth.conf is necessary.

AFAIR auth.conf was being deprecated and there was only one real user
of that left to eliminate. Whether that has been eliminated is beyond me
as I never tracked it... unimportant.

-- 

 - (2^(N-1))
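
Added example, not part of the original message or of FreeBSD: the procedure quoted above ends with running passwd for each user, because changing login.conf does not convert hashes that are already stored. This sketch lists which accounts in a master.passwd-style file still carry a hash in another format. The function names and sample lines are constructed here; the `$1$`, `$2a$`, `$5$` and `$6$` prefixes are the standard crypt(3) format identifiers.

```shell
#!/bin/sh
# Added example (not from the thread). Reports which accounts in a
# master.passwd-style file still carry a hash in a format other than the
# one now configured in login.conf, i.e. accounts that still need passwd(1).

# Print "user:format" for each entry; field 2 is the crypt(3) string.
classify_hashes() {
    awk -F: '
        /^#/ || NF < 2 { next }
        {
            h = $2
            if (h == "")                     fmt = "empty"
            else if (h ~ /^\*/)              fmt = "nologin"
            else if (h ~ /^\$1\$/)           fmt = "md5"
            else if (h ~ /^\$2[abxy]?\$/)    fmt = "blf"
            else if (h ~ /^\$5\$/)           fmt = "sha256"
            else if (h ~ /^\$6\$/)           fmt = "sha512"
            else if (h ~ /^_/ || length(h) == 13) fmt = "des"
            else                             fmt = "unknown"
            print $1 ":" fmt
        }' "$1"
}

# Print users whose stored hash is not in the wanted format ($2).
needs_rehash() {
    classify_hashes "$1" |
        awk -F: -v want="$2" '$2 != want && $2 != "nologin" { print $1 }'
}

# Constructed sample data: the hash fields are placeholders, not real hashes.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample in master.passwd layout
root:$1$SALTSALT$PLACEHOLDERPLACEHOLDER:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
alice:$6$SALTSALT$PLACEHOLDERPLACEHOLDER:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$2a$04$PLACEHOLDERPLACEHOLDER:1002:1002::0:0:Bob:/home/bob:/bin/sh
EOF
}

sample=$(mktemp)
write_sample "$sample"
classify_hashes "$sample"
echo "still need passwd(1) for sha512:"
needs_rehash "$sample" sha512
rm -f "$sample"
```

On a real system the input would be /etc/master.passwd, which is readable only by root.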


