On 6/8/12, Dag-Erling Sm=F8rgrav <des@des.no> wrote: > We still have MD5 as our default password hash, even though known-hash > attacks against MD5 are relatively easy these days. We've supported > SHA256 and SHA512 for many years now, so how about making SHA512 the > default instead of MD5, like on most Linux distributions? > > Index: etc/login.conf > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- etc/login.conf (revision 236616) > +++ etc/login.conf (working copy) > @@ -23,7 +23,7 @@ > # AND SEMANTICS'' section of getcap(3) for more escape sequences). > > default:\ > - :passwd_format=3Dmd5:\ > + :passwd_format=3Dsha512:\ > :copyright=3D/etc/COPYRIGHT:\ > :welcome=3D/etc/motd:\ > :setenv=3DMAIL=3D/var/mail/$,BLOCKSIZE=3DK,FTP_PASSIVE_MODE=3DYES= :\ > > DES > -- > Dag-Erling Sm=F8rgrav - des@des.no > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or= g" > _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"