Default password hash
Robert Simmons
rsimmons0 at gmail.com
Sat Jun 9 04:02:04 UTC 2012
On Fri, Jun 8, 2012 at 9:06 AM, Maxim Khitrov <max at mxcrypt.com> wrote:
> On Fri, Jun 8, 2012 at 8:51 AM, Dag-Erling Smørgrav <des at des.no> wrote:
>> We still have MD5 as our default password hash, even though known-hash
>> attacks against MD5 are relatively easy these days. We've supported
>> SHA256 and SHA512 for many years now, so how about making SHA512 the
>> default instead of MD5, like on most Linux distributions?
>
> If SHA-2 hashes have been supported for many years, why haven't the
> man pages been updated? login.conf(5) on 9.0-RELEASE still only lists
> "des", "md5", and "blf". I've been using the latter on my systems.
Yes, I think at least listing all the supported algorithms in the
login.conf man page is of utmost importance. I've been using blowfish
since it was introduced to FreeBSD over 12 years ago, but I had no
idea that any other algorithms were possible/available until now.
More information about the freebsd-security
mailing list