Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 4 Jan 2009 14:58:10 +0900
From:      "Daniel Marsh" <jahilliya@gmail.com>
To:        "O. Hartmann" <ohartman@mail.zedat.fu-berlin.de>,  freebsd-security@freebsd.org
Subject:   Re: MD5 vs. SHA1 hashed passwords in /etc/master.passwd: can we configure SHA1 in /etc/login.conf?
Message-ID:  <ba5e78ea0901032158v717469d8j52830c757274eece@mail.gmail.com>
In-Reply-To: <495FDC97.4090301@mail.zedat.fu-berlin.de>
References:  <495FDC97.4090301@mail.zedat.fu-berlin.de>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hey

What's wrong with the blowfish hash?

Reading up on it the full 16 round cipher is unbroken, only 4 and 14
round versions can be broke.

Regards

Daniel


On 1/4/09, O. Hartmann <ohartman@mail.zedat.fu-berlin.de> wrote:
> MD5 seems to be compromised by potential collision attacks. So I tried
> to figure out how I can use another hash for security purposes when
> hashing passwords for local users on a FreeBSD 7/8 box, like root or
> local box administration. Looking at man login.conf reveals only three
> possible hash algorithms selectable: md5 (recommended), des and blf.
> Changing /etc/login.conf's tag
>
> default:\
>         :passwd_format=sha1:\
>
>
> followed by a obligatory "cap_mkdb" seems to do something - changing
> root's password results in different hashes when selecting different
> hash algorithms like des, md5, sha1, blf or even sha256.
>
> Well, I never digged deep enough into the source code to reveal the
> magic and truth, so I will ask here for some help. Is it possible to
> change the md5-algorithm by default towards sha1 as recommended after
> the md5-collisions has been published?
>
> Thanks in advance,
> Oliver
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>


-- 

http://buymeahouse.stiw.org/

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ba5e78ea0901032158v717469d8j52830c757274eece>