Re: Default password encryption method.
Hi Max,

Thanks for the link. I did not notice that it was already discussed.

Best regards!

___
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to freebsd-security-unsubscr...@freebsd.org

Default password encryption method.
Hello,

By default FreeBSD uses MD5 to encrypt passwords. MD5 is believed to be more secure than e.g. DES but less than e.g. SHA512. Currently several major Linux distributions use a SHA512 mechanism. Suse Linux also offers Blowfish. Some Debian based distributions use an MD5-based algorithm compatible with the one used by recent releases of FreeBSD, but mostly this variable (*MD5_CRYPT_ENAB*) is deprecated, and a SHA512-based algorithm is used.

Of course, in FreeBSD we can change the MD5 for example to BLF, but would it not be a better solution to use SHA512 by default?

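An added example, not part of the original post and not FreeBSD's own code: a small audit that reads master.passwd(5)-style lines and reports which accounts still carry DES or MD5 crypt(3) hashes, the situation the question above is about. The sample entries and hash strings are constructed placeholders, and treating MD5 as a scheme to flag is this example's policy assumption.

```python
# Added example: flag accounts whose master.passwd(5) entry uses an older crypt(3) scheme.
PREFIXES = [            # modular crypt format prefixes
    ("$1$", "md5"),
    ("$2", "blf"),      # $2$, $2a$, $2b$, $2y$ Blowfish variants
    ("$5$", "sha256"),
    ("$6$", "sha512"),
    ("_", "des-extended"),
]
FLAGGED = {"des", "des-extended", "md5", "empty", "unknown"}  # policy assumed here
LOCK = "*LOCKED*"       # prefix pw(8) prepends when an account is locked

def classify(field):
    """Return (scheme, locked) for the password field of one entry."""
    locked = field.startswith(LOCK)
    if locked:
        field = field[len(LOCK):]
    if field == "":
        return ("none" if locked else "empty", locked)
    if field[0] in "*!":
        return ("none", locked)          # no usable hash, password login disabled
    for prefix, name in PREFIXES:
        if field.startswith(prefix):
            return (name, locked)
    return ("des" if len(field) == 13 else "unknown", locked)

def audit(text):
    """Return [(user, scheme)] for entries that should be re-hashed or reviewed."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 10:             # master.passwd(5) has ten fields
            findings.append((parts[0], "malformed"))
            continue
        scheme, _locked = classify(parts[1])
        if scheme in FLAGGED:
            findings.append((parts[0], scheme))
    return findings

# Constructed sample; the hash strings are placeholders, not real digests.
SAMPLE = """\
root:$6$saltsalt$PLACEHOLDER:0:0::0:0:Charlie:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
ian:$1$saltsalt$PLACEHOLDER:1001:1001::0:0:Ian:/home/ian:/bin/sh
old:aaPLACEHOLDER:1002:1002::0:0:Legacy:/home/old:/bin/sh
svc:*LOCKED*$2a$04$PLACEHOLDER:1003:1003::0:0:Service:/nonexistent:/usr/sbin/nologin
"""

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE):
        print(f"{user}: {scheme}")
```

Changing the default scheme only affects passwords set afterwards; existing entries keep their old hash until the password is changed, which is what this audit surfaces.
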
Re: Starting X11 with kernel secure level greater than -1/0.
Thanks Jason.

Of course opening (or doing whatever with) mem, kmem etc. is a security flaw. A fatal flaw. I thought that the OpenBSD team has done nice work to achieve a compromise between security and the use of X and it could be done with FreeBSD.

I already have implemented some of MAC's policies (e.g. mac_seeotheruids), and a couple of sysctl options, but for now, it is implemented for various testing. I have to read a lot more on these topics. :-)

Kernel without BPF? OK! But not for now - I need to have DHCP upon startup for some time yet! :-)

Best regards!

Starting X11 with kernel secure level greater than -1/0.
Hi,

is there any chance (if yes, how to do this?) to use the xf86 driver which provides access to the memory and I/O ports of a VGA board and to the PCI configuration registers for use by the X servers when running with a kernel security level greater than 0 in FreeBSD*? Then it will be possible to start the X environment with a kernel secure level 0, right? Normally it is impossible because of /dev/kmem etc. access. It is the default solution in OpenBSD, I guess.

Hmm, I see that there is no xf86 in the /dev directory, but... I know that there are already a couple of xf86 drivers (e.g. xf86-video-nv, xf86-video-intel or libXxf86vm etc). These drivers are not right/required/correct, right?

Of course I can change this level after system and X's start, but it is not the point. Is there any solution?

Best regards!
Ian.

* Source: OpenBSD XF86(4) man page. http://www.marko.homeunix.org/cgi-bin/man-cgi?xf86+4

Re: Which algorithm is used for IP fragmentation ID?
Hello!

Since Fabian has taken steps to resolve the problem of spam (he sent a detailed e-mail to the admins), let's say that this problem is solved. Can we get back to the question about 'IP fragmentation ID'? Thanks.

Best regards!

Fabian, thanks for the commitment.

Ian.

2011/9/6, Fabian Wenk fab...@wenks.ch:
> Hello
>
> On 06.09.2011 12:57, Fabian Wenk wrote:
> > I have sent an e-mail with all the details to the admins of the mailing list, as I suspect we have a rouge subscriber in the list.
>
> It is a bad idea only to trust the spell correction for a foreign language, obviously it should be rogue instead of rouge. :)
>
> bye
> Fabian

Which algorithm is used for IP fragmentation ID?
Hello everyone.

It is my first post on this mailing list.

As we know, in FreeBSD there is the pseudo random number generator (PRNG) for random IP fragmentation ID. It is available when the net.inet.ip.random_id sysctl variable is set to 1 (default 0).

I would like to know which algorithm (X2, X3 or A0 or another one) is used in FreeBSD 8.1-RELEASE, or better, in the 8 branch? Which algorithm is used in FreeBSD for packet filtering (IP packet normalization, or e.g. scrub on $ext_if ... random-id for the PF ruleset), pfsync interface protocol and (if the kernel flag net.inet.ip.random_id is set to 1) for regular IP traffic (with TCP/UDP), IP multicast routing... etc?

Best regards!