On 2012-06-09 00:01, Robert Simmons wrote:
On Fri, Jun 8, 2012 at 9:06 AM, Maxim Khitrov <m...@mxcrypt.com>
wrote:
On Fri, Jun 8, 2012 at 8:51 AM, Dag-Erling Smørgrav <d...@des.no>
wrote:
We still have MD5 as our default password hash, even though
known-hash
attacks against MD5 are relatively easy these days. We've
supported
SHA256 and SHA512 for many years now, so how about making SHA512
the
default instead of MD5, like on most Linux distributions?
If SHA-2 hashes have been supported for many years, why haven't the
man pages been updated? login.conf(5) on 9.0-RELEASE still only
lists
"des", "md5", and "blf". I've been using the latter on my systems.
Yes, I think at least listing all the supported algorithms in the
login.conf man page is of utmost importance. I've been using
blowfish
since it was introduced to FreeBSD over 12 years ago, but I had no
idea that any other algorithms were possible/available until now.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to
"freebsd-security-unsubscr...@freebsd.org"
it was listed with 9.0, change /etc/login.conf from md5 to sha512 and
then cap_mkdb /etc/login.conf and then passwd root/users for effect. as
a previous post im not sure the /etc/auth.conf is necessary.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
