From: Benedict Reuschling Date: Sat, 9 Jun 2012 21:45:20 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r39015 - head/en_US.ISO8859-1/books/handbook/security X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 21:45:21 -0000 Author: bcr Date: Sat Jun 9 21:45:20 2012 New Revision: 39015 URL: http://svn.freebsd.org/changeset/doc/39015 Log: Update the section about user account hashes with two additional supported hash functions that can be used: SHA256 and SHA512. Also document how these are stored in the master.passwd file. Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.sgml Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.sgml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/security/chapter.sgml Sat Jun 9 13:54:08 2012 (r39014) +++ head/en_US.ISO8859-1/books/handbook/security/chapter.sgml Sat Jun 9 21:45:20 2012 (r39015) @@ -1037,7 +1037,7 @@ - DES, Blowfish, MD5, and Crypt + DES, Blowfish, MD5, SHA256, SHA512, and Crypt security @@ -1048,6 +1048,8 @@ Blowfish DES MD5 + SHA256 + SHA512 Every user on a &unix; system has a password associated with their account. It seems obvious that these passwords need to be 
@@ -1081,8 +1083,8 @@ Recognizing Your Crypt Mechanism - Currently the library supports DES, MD5 and Blowfish hash - functions. By default &os; uses MD5 to encrypt + Currently the library supports DES, MD5, Blowfish, SHA256, + and SHA512 hash functions. By default &os; uses MD5 to encrypt passwords. It is pretty easy to identify which encryption method &os; @@ -1097,13 +1099,16 @@ than MD5 passwords, and are coded in a 64-character alphabet which does not include the $ character, so a relatively short string which does not begin - with a dollar sign is very likely a DES password. + with a dollar sign is very likely a DES password. Both SHA256 + and SHA512 begin with the characters + $6$. The password format used for new passwords is controlled by the passwd_format login capability in /etc/login.conf, which takes values of - des, md5 or - blf. See the &man.login.conf.5; manual + des, md5, + blf, sha256 or + sha512. See the &man.login.conf.5; manual page for more information about login capabilities.
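Review bot: In the @@ -1081,8 +1083,8 @@ hunk, the rewritten sentence lists DES, MD5, Blowfish, SHA256 and SHA512 as hash functions and then says &os; uses MD5 "to encrypt passwords", and the context line after it continues with "which encryption method". Since this sentence is being reworded anyway, "uses MD5 to hash passwords" would keep the terminology consistent within the paragraph and avoid suggesting that the stored value can be decrypted.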
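Review bot: In the @@ -1097,13 +1099,16 @@ hunk, the added sentence "Both SHA256 and SHA512 begin with the characters $6$" assigns one prefix to two formats, so a reader following this section could not tell the two apart in master.passwd. In crypt(3) the $6$ prefix identifies SHA512 only, and SHA256 strings begin with $5$. Suggested wording: "SHA256 strings begin with the characters $5$ and SHA512 strings begin with $6$."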