MD5 vs. SHA1 hashed passwords in /etc/master.passwd: can we configure SHA1 in /etc/login.conf?

Peter Jeremy peterjeremy at optushome.com.au
Tue Jan 6 10:27:49 UTC 2009


On 2009-Jan-03 22:45:59 +0100, "O. Hartmann" <ohartman at mail.zedat.fu-berlin.de> wrote:
>Well, I never digged deep enough into the source code to reveal the
>magic and truth, so I will ask here for some help.

The relevant algorithms and their names are embedded in
src/lib/libcrypt/crypt.c

> Is it possible to
>change the md5-algorithm by default towards sha1 as recommended after
>the md5-collisions has been published?

Note that both MD5 and SHA1 are broken in the cryprographic sense.  As
various people have noted, the known breaks do not impact on MD5
password hashes.

-- 
Peter Jeremy
Please excuse any delays as the result of my ISP's inability to implement
an MTA that is either RFC2821-compliant or matches their claimed behaviour.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20090106/8902ad97/attachment.pgp


More information about the freebsd-security mailing list