Default password hash
Xin Li
delphij at delphij.net
Sun Jun 10 06:55:21 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 06/09/12 04:34, Mike Tancsa wrote:
> On 6/8/2012 8:51 AM, Dag-Erling Smørgrav wrote:
>> We still have MD5 as our default password hash, even though
>> known-hash attacks against MD5 are relatively easy these days.
>> We've supported SHA256 and SHA512 for many years now, so how
>> about making SHA512 the default instead of MD5, like on most
>> Linux distributions?
>
> Actually, any chance of MFC'ing SHA256 and 512 in RELENG_7 ? Its
> currently not there.
Ping me next Friday if nobody else would volunteer.
> RELENG_7 is supported until 2013
>
> Sort of a security issue considering this assessment of MD5
>
> http://phk.freebsd.dk/sagas/md5crypt_eol.html
>
>
> ---Mike
>
>
>
>>
>> Index: etc/login.conf
>> ===================================================================
>>
>>
- --- etc/login.conf (revision 236616)
>> +++ etc/login.conf (working copy) @@ -23,7 +23,7 @@ # AND
>> SEMANTICS'' section of getcap(3) for more escape sequences).
>>
>> default:\ - :passwd_format=md5:\ +
>> :passwd_format=sha512:\ :copyright=/etc/COPYRIGHT:\
>> :welcome=/etc/motd:\
>> :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
>>
>> DES
>
>
- --
Xin LI <delphij at delphij.net> https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)
iQEcBAEBCAAGBQJP1ETFAAoJEG80Jeu8UPuzRWAH/3XDen0pxNpYDqRxfAiTKJjI
A0JqyNrVMMA3/ncenceODJs+7BugXRWnC5jyAzfxC5KulL1ZcBZCfYApdWgJ+Lun
yHnv/JryEK2InzGwuDX/P3Tt1TZVKtr5drs7yJuZnRaW5SWRRaPRvLqgGZ1PdNxb
/cHIXL+DPxHUXhwBcInhWWImNDJU3xEcvFQSpW4C8iqGqviFLE0WlhKTGVvnwiMO
lXTnyyadQMrMQW8XIgcgyNZ5b3asiTAC1TOXtaTWiFR2QPgfxZSvEoaxu/AMmep3
HegMWA0qXXCvj7E0xUECRs3tXG6hbxhaRJima8FdPeCLWcNtd12PC44xj+EuufQ=
=7wMd
-----END PGP SIGNATURE-----
More information about the freebsd-security
mailing list