MD5 seems to be compromised by potential collision attacks. So I tried
to figure out how I can use another hash for security purposes when
hashing passwords for local users on a FreeBSD 7/8 box, like root or
local box administration. Looking at man login.conf reveals only three
possible hash algorithms selectable: md5 (recommended), des and blf.
Changing /etc/login.conf's tag
default:\
:passwd_format=sha1:\
followed by a obligatory "cap_mkdb" seems to do something - changing
root's password results in different hashes when selecting different
hash algorithms like des, md5, sha1, blf or even sha256.
Well, I never digged deep enough into the source code to reveal the
magic and truth, so I will ask here for some help. Is it possible to
change the md5-algorithm by default towards sha1 as recommended after
the md5-collisions has been published?
Thanks in advance,
Oliver
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
