On Sat, Jun 09, 2012 at 12:04:25AM -0400, emu wrote: > On 2012-06-09 00:01, Robert Simmons wrote: > > On Fri, Jun 8, 2012 at 9:06 AM, Maxim Khitrov <m...@mxcrypt.com> > > wrote: > >> On Fri, Jun 8, 2012 at 8:51 AM, Dag-Erling Smørgrav <d...@des.no> > >> wrote: > >>> We still have MD5 as our default password hash, even though > >>> known-hash > >>> attacks against MD5 are relatively easy these days. We've > >>> supported > >>> SHA256 and SHA512 for many years now, so how about making SHA512 > >>> the > >>> default instead of MD5, like on most Linux distributions? > >> > >> If SHA-2 hashes have been supported for many years, why haven't the > >> man pages been updated? login.conf(5) on 9.0-RELEASE still only > >> lists > >> "des", "md5", and "blf". I've been using the latter on my systems. > > > > Yes, I think at least listing all the supported algorithms in the > > login.conf man page is of utmost importance. I've been using > > blowfish > > since it was introduced to FreeBSD over 12 years ago, but I had no > > idea that any other algorithms were possible/available until now.
> it was listed with 9.0, change /etc/login.conf from md5 to sha512 and > then cap_mkdb /etc/login.conf and then passwd root/users for effect. as > a previous post im not sure the /etc/auth.conf is necessary. AFAILR auth.conf was being deprecated and there was only one real user of that left to eliminate. Whether that has been eliminated is beyond me as I never tracked it... unimportant. -- - (2^(N-1)) _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
