MD5 vs. SHA1 hashed passwords in /etc/master.passwd: can we configure SHA1 in /etc/login.conf?

[Stanislav Sedov]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 03 Jan 2009 22:45:59 +0100
"O. Hartmann" <ohartman at mail.zedat.fu-berlin.de> mentioned:

> MD5 seems to be compromised by potential collision attacks. So I tried
> to figure out how I can use another hash for security purposes when
> hashing passwords for local users on a FreeBSD 7/8 box, like root or
> local box administration. Looking at man login.conf reveals only three
> possible hash algorithms selectable: md5 (recommended), des and blf.
> Changing /etc/login.conf's tag
> 
> default:\
>         :passwd_format=sha1:\
> 
> 
> followed by a obligatory "cap_mkdb" seems to do something - changing
> root's password results in different hashes when selecting different
> hash algorithms like des, md5, sha1, blf or even sha256.
> 
> Well, I never digged deep enough into the source code to reveal the
> magic and truth, so I will ask here for some help. Is it possible to
> change the md5-algorithm by default towards sha1 as recommended after
> the md5-collisions has been published?
> 

The default hash format can be configured via auth.conf(5) file. AFAIK,
md5, des, blowfish and nthash are supported currently.

BTW, I don't think that recently discovered collisions in md5 algoritm
can compromise system passwords, as crypt(3) md5 scheme doesn't store
the plain md5 sums, but result of a number of md5 computations over a
salted password string. Of course, being able to find hash collisions
can speedup the brute-force attack a bit, but this had to be proven
first...

- -- 
Stanislav Sedov
ST4096-RIPE
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAklgVukACgkQK/VZk+smlYFurQCeOobQDi6tCbJ9ZeK8V5aUAY3O
mMoAoIKvPDKvN1oogSWyGhYln3jCFWgX
=NZZk
-----END PGP SIGNATURE-----

!DSPAM:4960565a967008001220501!