-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 06/09/12 04:34, Mike Tancsa wrote: > On 6/8/2012 8:51 AM, Dag-Erling Smørgrav wrote: >> We still have MD5 as our default password hash, even though >> known-hash attacks against MD5 are relatively easy these days. >> We've supported SHA256 and SHA512 for many years now, so how >> about making SHA512 the default instead of MD5, like on most >> Linux distributions? > > Actually, any chance of MFC'ing SHA256 and 512 in RELENG_7 ? Its > currently not there.
Ping me next Friday if nobody else would volunteer. > RELENG_7 is supported until 2013 > > Sort of a security issue considering this assessment of MD5 > > http://phk.freebsd.dk/sagas/md5crypt_eol.html > > > ---Mike > > > >> >> Index: etc/login.conf >> =================================================================== >> >> - --- etc/login.conf (revision 236616) >> +++ etc/login.conf (working copy) @@ -23,7 +23,7 @@ # AND >> SEMANTICS'' section of getcap(3) for more escape sequences). >> >> default:\ - :passwd_format=md5:\ + >> :passwd_format=sha512:\ :copyright=/etc/COPYRIGHT:\ >> :welcome=/etc/motd:\ >> :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\ >> >> DES > > - -- Xin LI <delp...@delphij.net> https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iQEcBAEBCAAGBQJP1ETFAAoJEG80Jeu8UPuzRWAH/3XDen0pxNpYDqRxfAiTKJjI A0JqyNrVMMA3/ncenceODJs+7BugXRWnC5jyAzfxC5KulL1ZcBZCfYApdWgJ+Lun yHnv/JryEK2InzGwuDX/P3Tt1TZVKtr5drs7yJuZnRaW5SWRRaPRvLqgGZ1PdNxb /cHIXL+DPxHUXhwBcInhWWImNDJU3xEcvFQSpW4C8iqGqviFLE0WlhKTGVvnwiMO lXTnyyadQMrMQW8XIgcgyNZ5b3asiTAC1TOXtaTWiFR2QPgfxZSvEoaxu/AMmep3 HegMWA0qXXCvj7E0xUECRs3tXG6hbxhaRJima8FdPeCLWcNtd12PC44xj+EuufQ= =7wMd -----END PGP SIGNATURE----- _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
