MD5 vs. SHA1 hashed passwords in /etc/master.passwd: can we configure SHA1 in /etc/login.conf?

Daniel Marsh jahilliya at gmail.com
Sun Jan 4 06:31:29 UTC 2009


Hey

What's wrong with the blowfish hash?

Reading up on it, the full 16 round cipher is unbroken, only 4 and 14
round versions can be broken.

Regards

Daniel


On 1/4/09, O. Hartmann <ohartman at mail.zedat.fu-berlin.de> wrote:
> MD5 seems to be compromised by potential collision attacks. So I tried
> to figure out how I can use another hash for security purposes when
> hashing passwords for local users on a FreeBSD 7/8 box, like root or
> local box administration. Looking at man login.conf reveals only three
> possible hash algorithms selectable: md5 (recommended), des and blf.
> Changing /etc/login.conf's tag
>
> default:\
>         :passwd_format=sha1:\
>
>
> followed by an obligatory "cap_mkdb" seems to do something - changing
> root's password results in different hashes when selecting different
> hash algorithms like des, md5, sha1, blf or even sha256.
>
> Well, I never dug deep enough into the source code to reveal the
> magic and truth, so I will ask here for some help. Is it possible to
> change the md5-algorithm by default towards sha1 as recommended after
> the md5-collisions have been published?
>
> Thanks in advance,
> Oliver


-- 

http://buymeahouse.stiw.org/
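
Added example, not part of the original thread: the prefix of a stored hash names the crypt(3) scheme that produced it, so after changing `passwd_format` and resetting a password, the password field itself shows which algorithm was really applied. The function names and the sample entries (including the hash strings) are constructed for illustration.

```shell
#!/bin/sh
# Added example. All sample entries below are constructed placeholders.

# Map a master.passwd password field to the crypt(3) scheme named by its prefix.
hash_scheme() {
    case "$1" in
        '')                     echo "empty" ;;
        '*'*)                   echo "locked" ;;        # "*" or "*LOCKED*..."
        '$1$'*)                 echo "md5" ;;
        '$2$'*|'$2'[abxy]'$'*)  echo "blf" ;;           # Blowfish (bcrypt)
        '$3$'*)                 echo "nth" ;;           # NT hash
        '$5$'*)                 echo "sha256" ;;
        '$6$'*)                 echo "sha512" ;;
        '$'*)                   echo "unknown" ;;
        _*)                     echo "des-extended" ;;
        *)  if [ "${#1}" -eq 13 ]; then echo "des"; else echo "unknown"; fi ;;
    esac
}

# Read master.passwd-format lines on stdin, print "user scheme" per account,
# and return 1 if any non-locked account is not on the expected scheme ($1).
audit_passwd() {
    want=$1; rc=0
    while IFS=: read -r user hash _rest; do
        case "$user" in ''|'#'*) continue ;; esac
        got=$(hash_scheme "$hash")
        echo "$user $got"
        case "$got" in "$want"|locked) ;; *) rc=1 ;; esac
    done
    return "$rc"
}

SAMPLE='root:$1$CONSTRUC$placeholderhash0000000:0:0::0:0:Charlie &:/root:/bin/csh
alice:$2a$04$constructedsaltandplaceholderhash:1001:1001::0:0:Alice:/home/alice:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin'

# On a real host (as root): audit_passwd blf < /etc/master.passwd
printf '%s\n' "$SAMPLE" | audit_passwd blf || echo "=> accounts not on blf found"
```

A scheme name that crypt(3) does not recognise shows up here as the prefix of whatever algorithm was used instead, which is a quicker check than comparing hash strings by eye.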

