[nycbug-talk] blowfish FreeBSD passwords

Mikel King mikel.king at ocsny.com
Wed Mar 22 17:03:03 EST 2006


On Mar 22, 2006, at 4:42 PM, Isaac Levy wrote:

> Hey All,
>
> QUESTION:
> --
> Just on my mind today- has anyone seen any talk of blowfish password
> hashes being set as default in FreeBSD?  It's standard on OpenBSD
> right, but I'm annoyed today as I set up a bunch of new boxes and have
> to manage one more thing...
>
>
> HOW:
> --
> For the record, for people on list who don't know how to do this,
> here's a simple comprehensive how-to, to make blowfish default for
> password hashes instead of md5:
>
> http://filter.rackeasy.com/articles/2005/11/30/setup-freebsd-to-use-blowfish
>
> WHY:
> --
> Perhaps some of the crypto hardcores on list can expound on this
> issue, but here's my basic description of the issue- md5 hashes,
> aside from being cracked (collisions), are not salted.  Blowfish is
> salted.  Therefore, it's significantly more difficult to brute-force
> passwords based on blowfish hashes.
>
> In essence, based on most threat models, if an untrusted user can
> read your /etc/master.passwd file, you have other problems to worry
> about- but this is a simple change that can mitigate small migraine
> headaches.
>
> Rocket-
> .ike

Ike,

Dru did a nice set of articles on O'Reilly, and isn't there a chapter  
in BSD Hacks on this as well?

Cheers,
m
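
An added example, not part of the original thread: changing the default hash format only affects passwords set afterwards, so existing entries keep their old hash until the password is changed. This sketch classifies each account in a master.passwd-format file by the crypt(3) scheme prefix and lists the accounts still on an older scheme. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Print "user scheme" for every account in a master.passwd-format file.
classify_hashes() {
    awk -F: '
        /^#/ || NF < 2 { next }
        {
            h = $2
            sub(/^\*LOCKED\*/, "", h)            # prefix added by "pw lock"
            if (h == "")                  s = "empty"
            else if (h ~ /^\$1\$/)        s = "md5"
            else if (h ~ /^\$2[a-z]?\$/)  s = "blowfish"
            else if (h ~ /^\$/)           s = "other"
            else if (h ~ /^[*!]/)         s = "nologin"
            else                          s = "des"
            print $1, s
        }' "$1"
}

# Accounts whose stored hash predates the switch and needs a password change.
needs_rehash() {
    classify_hashes "$1" | awk '$2 == "md5" || $2 == "des" { print $1 }'
}

# Constructed sample (placeholder hash bodies, not real hashes).
write_sample() {
    cat > "$1" <<'EOF'
# constructed master.passwd sample
root:$2a$04$CONSTRUCTEDSALTANDHASHPLACEHOLDER:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
alice:$1$CONSTRUC$PLACEHOLDERHASHBODY00:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:*LOCKED*$1$CONSTRUC$PLACEHOLDERHASHBODY01:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:$2a$04$CONSTRUCTEDSALTANDHASHPLACEHOLDER:1003:1003::0:0:Carol:/home/carol:/bin/sh
EOF
}

sample=$(mktemp) && write_sample "$sample"
classify_hashes "$sample"
echo "still need a password change: $(needs_rehash "$sample" | tr '\n' ' ')"
rm -f "$sample"
```

On a real system the input would be /etc/master.passwd, which is readable only by root.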


