On Jun 23, 2012, at 6:37 AM, Christopher J. Ruwe wrote: > For setting the dafault hash used to hash /etc/master.passwd, it has > been recommended changing md5 for something more secure in the sense of > being more expensive to crack. > > The handbook describes the procedure used in > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/crypt.html. > Allegedly, hashes which were hashed with one of the sha-functions begin > with the character $6$. >
Unfortunately, it appears that login.conf is ignored by pw w/respect to group(5) passwords. Example Given: Setting passwd_format=blf in login.conf(5) followed by executing: echo newpass | sudo pw usermod SOMEUSER -h 0 sudo grep '^SOMEUSER:' /etc/master.passwd # shows Blowfish hash starting with $2a$, meanwhile… echo newpass | sudo pw groupmod SOMEGROUP -h 0 grep '^SOMEGROUP:' /etc/group # shows login.conf(5) was ignored and an old-style crypt password (2-letter salt; 8-character max password) :( -- Devin _____________ The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
