From owner-freebsd-questions@FreeBSD.ORG Tue Aug 2 17:01:50 2011 Return-Path: Delivered-To: freebsd-questions@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id ADBCF106564A for ; Tue, 2 Aug 2011 17:01:50 +0000 (UTC) (envelope-from xoreax63@gmail.com) Received: from mail-ew0-f54.google.com (mail-ew0-f54.google.com [209.85.215.54]) by mx1.freebsd.org (Postfix) with ESMTP id 46CE18FC13 for ; Tue, 2 Aug 2011 17:01:49 +0000 (UTC) Received: by ewy1 with SMTP id 1so4802598ewy.13 for ; Tue, 02 Aug 2011 10:01:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; bh=8bMo/JNdG74j1SzzVoCmH/duYq/wz4mgPATHTX0zU+g=; b=r153mo5g12O8pv3Z4d16otutPZKmFOJtW1RZsoBCtY8skZCSceRzqtaN4ATVT64MSX YpihdF2rZkXMJACuou4IcV2Z1xSaXsPdH87iKe1R9Jv56+kINWnFSQ1yZFfpz4sbILjo DD4Yb7PHLzFJKNXM5Am8ixby+al5JCQ/KoW6k= MIME-Version: 1.0 Received: by 10.204.143.10 with SMTP id s10mr1834101bku.108.1312302972439; Tue, 02 Aug 2011 09:36:12 -0700 (PDT) Received: by 10.204.38.197 with HTTP; Tue, 2 Aug 2011 09:36:12 -0700 (PDT) Date: Tue, 2 Aug 2011 17:36:12 +0100 Message-ID: From: =?ISO-2022-JP?B?GyRCJV4lcyVtITwlLyVqJTklSCVVJSEbKEI=?= To: freebsd-questions@FreeBSD.org Content-Type: text/plain; charset=ISO-8859-1 X-Mailman-Approved-At: Tue, 02 Aug 2011 17:11:04 +0000 Cc: Subject: password hash weaknesses in FreeBSD ? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Aug 2011 17:01:50 -0000 The crypt program to hash passwords uses md5 /DES/blowfish for password hashing as I have read in the handbook. DES and md5 are widely regarded to be broken (certainly DES). I would prefer password hashing to be done using salted SHA1 / SHA256 to meet my security needs. Is this configuration possible?