[nycbug-talk] blowfish FreeBSD passwords

Isaac Levy ike at lesmuug.org
Wed Mar 22 16:42:51 EST 2006


Hey All,

QUESTION:
--
Just on my mind today- has anyone seen any talk of blowfish password
hashes being set as default in FreeBSD?  It's standard on OpenBSD,
right, but I'm annoyed today as I set up a bunch of new boxes and have
to manage one more thing...


HOW:
--
For the record, for people on list who don't know how to do this,  
here's a simple comprehensive how-to, to make blowfish default for  
password hashes instead of md5:

http://filter.rackeasy.com/articles/2005/11/30/setup-freebsd-to-use-blowfish

WHY:
--
Perhaps some of the crypto hardcores on list can expound on this
issue, but here's my basic description of the issue- md5 hashes,
aside from being cracked (collisions), are not salted.  Blowfish is
salted.  Therefore, it's significantly more difficult to brute-force
passwords based on blowfish hashes.

In essence, based on most threat models, if an untrusted user can
read your /etc/master.passwd file, you have other problems to worry
about- but this is a simple change that can mitigate small migraine
headaches.

Rocket-
.ike
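
An audit to run after the change discussed in this message, added here as an example and not part of the original post or the linked how-to: changing the default format only affects hashes written afterwards, so existing accounts keep their old hash until the password is changed. The function names, account names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the hash scheme of each account in a FreeBSD
# master.passwd-format stream (name:hash:uid:gid:class:change:expire:...).
# Real use, as root:  sh audit.sh /etc/master.passwd

classify_hashes() {
    # Reads master.passwd lines on stdin, prints "user scheme" per account.
    awk -F: '
        /^#/ || NF < 2 { next }
        {
            h = $2
            sub(/^[*]LOCKED[*]/, "", h)       # marker prepended by "pw lock"
            if (h == "")                      s = "empty"
            else if (h ~ /^[*]/)              s = "nologin"
            else if (h ~ /^[$]1[$]/)          s = "md5"
            else if (h ~ /^[$]2[abxy]?[$]/)   s = "blowfish"
            else if (h ~ /^[$][56][$]/)       s = "sha2"
            else                              s = "des-or-unknown"
            print $1, s
        }'
}

needs_rehash() {
    # Accounts that hold a password hash which is not blowfish yet.
    classify_hashes | awk '$2 != "blowfish" && $2 != "nologin" { print $1 }'
}

sample_master_passwd() {
    # Constructed sample; the hash bodies are placeholders, not real hashes.
    cat <<'EOF'
root:$1$CONSTRUCTED$placeholderplaceholder00:0:0::0:0:Charlie &:/root:/bin/csh
alice:$2a$04$CONSTRUCTEDplaceholderplaceholderplaceholderplaceh:1001:1001::0:0:Alice:/home/alice:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
bob:*LOCKED*$1$CONSTRUCTED$placeholderplaceholder00:1002:1002::0:0:Bob:/home/bob:/bin/sh
EOF
}

# With a file argument audit that file, otherwise audit the sample above.
if [ -n "${1:-}" ]; then
    needs_rehash < "$1"
else
    sample_master_passwd | needs_rehash
fi
```

Each name printed is an account whose password still needs to be reset before its stored hash uses the new format.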




