[Re: Default password hash]
Oliver Pinter
oliver.pntr at gmail.com
Sun Jun 10 22:26:42 UTC 2012
On 6/8/12, Dag-Erling Smørgrav <des at des.no> wrote:
> We still have MD5 as our default password hash, even though known-hash
> attacks against MD5 are relatively easy these days. We've supported
> SHA256 and SHA512 for many years now, so how about making SHA512 the
> default instead of MD5, like on most Linux distributions?
>
> Index: etc/login.conf
> ===================================================================
> --- etc/login.conf (revision 236616)
> +++ etc/login.conf (working copy)
> @@ -23,7 +23,7 @@
> # AND SEMANTICS'' section of getcap(3) for more escape sequences).
>
> default:\
> - :passwd_format=md5:\
> + :passwd_format=sha512:\
> :copyright=/etc/COPYRIGHT:\
> :welcome=/etc/motd:\
> :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
>
> DES
> --
> Dag-Erling Smørgrav - des at des.no
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>
More information about the freebsd-security
mailing list