changing md5 hashed for sha
Devin Teske
devin.teske at fisglobal.com
Sat Jun 23 16:05:56 UTC 2012
On Jun 23, 2012, at 6:37 AM, Christopher J. Ruwe wrote:
> For setting the dafault hash used to hash /etc/master.passwd, it has
> been recommended changing md5 for something more secure in the sense of
> being more expensive to crack.
>
> The handbook describes the procedure used in
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/crypt.html.
> Allegedly, hashes which were hashed with one of the sha-functions begin
> with the character $6$.
>
Unfortunately, it appears that login.conf is ignored by pw w/respect to group(5) passwords.
Example Given:
Setting passwd_format=blf in login.conf(5) followed by executing:
echo newpass | sudo pw usermod SOMEUSER -h 0
sudo grep '^SOMEUSER:' /etc/master.passwd
# shows Blowfish hash starting with $2a$, meanwhile…
echo newpass | sudo pw groupmod SOMEGROUP -h 0
grep '^SOMEGROUP:' /etc/group
# shows login.conf(5) was ignored and an old-style crypt password (2-letter salt; 8-character max password)
:(
--
Devin
_____________
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.
More information about the freebsd-questions
mailing list