Default password hash
Dag-Erling Smørgrav
des at des.no
Fri Jun 8 12:51:57 UTC 2012
We still have MD5 as our default password hash, even though known-hash
attacks against MD5 are relatively easy these days. We've supported
SHA256 and SHA512 for many years now, so how about making SHA512 the
default instead of MD5, like on most Linux distributions?
Index: etc/login.conf
===================================================================
--- etc/login.conf (revision 236616)
+++ etc/login.conf (working copy)
@@ -23,7 +23,7 @@
# AND SEMANTICS'' section of getcap(3) for more escape sequences).
default:\
- :passwd_format=md5:\
+ :passwd_format=sha512:\
:copyright=/etc/COPYRIGHT:\
:welcome=/etc/motd:\
:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security
mailing list