svn commit: r39015 - head/en_US.ISO8859-1/books/handbook/security

Benedict Reuschling bcr at
Sat Jun 9 21:45:21 UTC 2012

Author: bcr
Date: Sat Jun  9 21:45:20 2012
New Revision: 39015

  Update the section about user account hashes with two additional supported
  hash functions that can be used: SHA256 and SHA512. Also document how these
  are stored in the master.passwd file.


Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.sgml
--- head/en_US.ISO8859-1/books/handbook/security/chapter.sgml	Sat Jun  9 13:54:08 2012	(r39014)
+++ head/en_US.ISO8859-1/books/handbook/security/chapter.sgml	Sat Jun  9 21:45:20 2012	(r39015)
@@ -1037,7 +1037,7 @@
       <!-- 21 Mar 2000 -->
-    <title>DES, Blowfish, MD5, and Crypt</title>
+    <title>DES, Blowfish, MD5, SHA256, SHA512, and Crypt</title>
@@ -1048,6 +1048,8 @@
+    <indexterm><primary>SHA256</primary></indexterm>
+    <indexterm><primary>SHA512</primary></indexterm>
     <para>Every user on a &unix; system has a password associated with
       their account.  It seems obvious that these passwords need to be
@@ -1081,8 +1083,8 @@
       <title>Recognizing Your Crypt Mechanism</title>
-      <para>Currently the library supports DES, MD5 and Blowfish hash
-	functions.  By default &os; uses MD5 to encrypt
+      <para>Currently the library supports DES, MD5, Blowfish, SHA256,
+	and SHA512 hash functions.  By default &os; uses MD5 to encrypt
       <para>It is pretty easy to identify which encryption method &os;
@@ -1097,13 +1099,16 @@
 	than MD5 passwords, and are coded in a 64-character alphabet
 	which does not include the <literal>&dollar;</literal>
 	character, so a relatively short string which does not begin
-	with a dollar sign is very likely a DES password.</para>
+	with a dollar sign is very likely a DES password. Both SHA256
+	and SHA512 begin with the characters
+	<literal>&dollar;6&dollar;</literal>.</para>
       <para>The password format used for new passwords is controlled
 	by the <literal>passwd_format</literal> login capability in
 	<filename>/etc/login.conf</filename>, which takes values of
-	<literal>des</literal>, <literal>md5</literal> or
-	<literal>blf</literal>.  See the &man.login.conf.5; manual
+	<literal>des</literal>, <literal>md5</literal>,
+	<literal>blf</literal>, <literal>sha256</literal> or
+	<literal>sha512</literal>.  See the &man.login.conf.5; manual
 	page for more information about login capabilities.</para>

More information about the svn-doc-all mailing list