Default password hash

Maxim Khitrov max at mxcrypt.com
Fri Jun 8 13:06:44 UTC 2012


On Fri, Jun 8, 2012 at 8:51 AM, Dag-Erling Smørgrav <des at des.no> wrote:
> We still have MD5 as our default password hash, even though known-hash
> attacks against MD5 are relatively easy these days.  We've supported
> SHA256 and SHA512 for many years now, so how about making SHA512 the
> default instead of MD5, like on most Linux distributions?

If SHA-2 hashes have been supported for many years, why haven't the
man pages been updated? login.conf(5) on 9.0-RELEASE still only lists
"des", "md5", and "blf". I've been using the latter on my systems.

- Max


More information about the freebsd-security mailing list