[nycbug-talk] blowfish FreeBSD passwords
Isaac Levy
ike at lesmuug.org
Wed Mar 22 16:42:51 EST 2006
Hey All,
QUESTION:
--
Just on my mind today- has anyone seen any talk of blowfish password
hashes being set as default in FreeBSD? It's standard on OpenBSD
right, but I'm annoyed today as I set up a bunch of new boxes and have
to manage one more thing...
HOW:
--
For the record, for people on list who don't know how to do this,
here's a simple comprehensive how-to, to make blowfish default for
password hashes instead of md5:
http://filter.rackeasy.com/articles/2005/11/30/setup-freebsd-to-use-blowfish
WHY:
--
Perhaps some of the crypto hardcores on list can expound on this
issue, but here's my basic description of the issue- md5 hashes,
aside from being cracked (collisions), are not salted. Blowfish is
salted. Therefore, it's significantly more difficult to brute-force
passwords based on blowfish hashes.
In essence, based on most threat models, if an untrusted user can
read your /etc/master.passwd file, you have other problems to worry
about- but this is a simple change that can mitigate small migraine
headaches.
Rocket-
.ike
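
An added example, not part of the original post or the linked how-to: a small audit that reports which hash format each account in a master.passwd-format file uses, so accounts still on md5 after the default is switched can be found. It assumes the standard crypt(3) prefixes (`$1$` for MD5, the `$2` family for Blowfish) and that changing the default only affects passwords set afterwards; the function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Classify each account in a master.passwd-format stream by hash scheme.
# Field 2 holds the password hash; its prefix identifies the crypt(3) format.
classify_hashes() {
    awk -F: '
        /^#/ || NF < 2 { next }
        {
            h = $2
            sub(/^\*LOCKED\*/, "", h)   # pw lock prepends this to the stored hash
            if (h == "")                  s = "empty"
            else if (h ~ /^\$1\$/)        s = "md5"
            else if (h ~ /^\$2[a-z]?\$/)  s = "blowfish"
            else if (h ~ /^\*/)           s = "nologin"
            else                          s = "other"
            print $1 ":" s
        }'
}

# Accounts whose stored hash is still md5 and will stay that way
# until the password is set again under the new default.
still_md5() {
    classify_hashes | awk -F: '$2 == "md5" { print $1 }'
}

# Constructed sample input (placeholder strings, not real hashes).
sample_master_passwd() {
    cat <<'EOF'
# constructed sample, not real hashes
root:$2a$04$CONSTRUCTEDSALT0000000uCONSTRUCTEDHASH000000000000000:0:0::0:0:Charlie &:/root:/bin/csh
alice:$1$CONSTRUC$constructedhashvalue00:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$2a$04$CONSTRUCTEDSALT1111111uCONSTRUCTEDHASH111111111111111:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:*LOCKED*$1$CONSTRUC$constructedhashvalue11:1003:1003::0:0:Carol:/home/carol:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
EOF
}

# Demo on the constructed sample; on a real box, run as root:
#   classify_hashes < /etc/master.passwd
sample_master_passwd | classify_hashes
```
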