svn commit: r39015 - head/en_US.ISO8859-1/books/handbook/security
Benedict Reuschling
bcr at FreeBSD.org
Sat Jun 9 21:45:21 UTC 2012
Author: bcr
Date: Sat Jun 9 21:45:20 2012
New Revision: 39015
URL: http://svn.freebsd.org/changeset/doc/39015
Log:
Update the section about user account hashes with two additional supported
hash functions that can be used: SHA256 and SHA512. Also document how these
are stored in the master.passwd file.
Modified:
head/en_US.ISO8859-1/books/handbook/security/chapter.sgml
Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.sgml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/security/chapter.sgml Sat Jun 9 13:54:08 2012 (r39014)
+++ head/en_US.ISO8859-1/books/handbook/security/chapter.sgml Sat Jun 9 21:45:20 2012 (r39015)
@@ -1037,7 +1037,7 @@
<!-- 21 Mar 2000 -->
</sect1info>
- <title>DES, Blowfish, MD5, and Crypt</title>
+ <title>DES, Blowfish, MD5, SHA256, SHA512, and Crypt</title>
<indexterm>
<primary>security</primary>
@@ -1048,6 +1048,8 @@
<indexterm><primary>Blowfish</primary></indexterm>
<indexterm><primary>DES</primary></indexterm>
<indexterm><primary>MD5</primary></indexterm>
+ <indexterm><primary>SHA256</primary></indexterm>
+ <indexterm><primary>SHA512</primary></indexterm>
<para>Every user on a &unix; system has a password associated with
their account. It seems obvious that these passwords need to be
@@ -1081,8 +1083,8 @@
<sect2>
<title>Recognizing Your Crypt Mechanism</title>
- <para>Currently the library supports DES, MD5 and Blowfish hash
- functions. By default &os; uses MD5 to encrypt
+ <para>Currently the library supports DES, MD5, Blowfish, SHA256,
+ and SHA512 hash functions. By default &os; uses MD5 to encrypt
passwords.</para>
<para>It is pretty easy to identify which encryption method &os;
@@ -1097,13 +1099,16 @@
than MD5 passwords, and are coded in a 64-character alphabet
which does not include the <literal>$</literal>
character, so a relatively short string which does not begin
- with a dollar sign is very likely a DES password.</para>
+ with a dollar sign is very likely a DES password. Both SHA256
+ and SHA512 begin with the characters
+ <literal>$6$</literal>.</para>
<para>The password format used for new passwords is controlled
by the <literal>passwd_format</literal> login capability in
<filename>/etc/login.conf</filename>, which takes values of
- <literal>des</literal>, <literal>md5</literal> or
- <literal>blf</literal>. See the &man.login.conf.5; manual
+ <literal>des</literal>, <literal>md5</literal>,
+ <literal>blf</literal>, <literal>sha256</literal> or
+ <literal>sha512</literal>. See the &man.login.conf.5; manual
page for more information about login capabilities.</para>
</sect2>
</sect1>
More information about the svn-doc-all
mailing list