[nycbug-talk] blowfish FreeBSD passwords
mikel.king at ocsny.com
Wed Mar 22 17:03:03 EST 2006
On Mar 22, 2006, at 4:42 PM, Isaac Levy wrote:
> Hey All,
> Just on my mind today- has anyone seen any talk of blowfish password
> hashes being set as default in FreeBSD? It's standard on OpenBSD
> right, but I'm annoyed today as I set up a bunch of new boxes and have
> to manage one more thing...
> For the record, for people on list who don't know how to do this,
> here's a simple comprehensive how-to, to make blowfish default for
> password hashes instead of md5:
> Perhaps some of the crypto hardcores on list can expound on this
> issue, but here's my basic description of the issue- md5 hashes,
> aside from being cracked (collisions), are not salted. Blowfish is
> salted. Therefore, it's significantly more difficult to brute-force
> passwords based on blowfish hashes.
> In essence, based on most threat models, if an untrusted user can
> read your /etc/master.passwd file, you have other problems to worry
> about- but this is a simple change that can mitigate small migraine
Dru did a nice set of articles on O'Reilly, and isn't there a chapter
in BSD Hacks on this as well?
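
An added example, not from the original thread or from FreeBSD itself: a small sh/awk check that lists which accounts in a master.passwd-format file still carry a non-blowfish hash, which matters because changing the default format only affects passwords set afterwards. The function names and the sample entries are constructed for illustration; `$1$` and `$2a$` are the crypt(3) prefixes for md5 and blowfish hashes.

```shell
#!/bin/sh
# Added example: classify password hashes in master.passwd-format input.
# Fields: name:password:uid:gid:class:change:expire:gecos:home:shell

# hash_scheme: reads stdin, prints "user scheme" for every account line.
hash_scheme() {
    awk -F: '
        /^#/ || NF < 10 { next }          # skip comments and malformed lines
        {
            pw = $2
            sub(/^\*LOCKED\*/, "", pw)    # pw(8) lock prefix keeps the old hash
            if (pw == "")                  s = "empty"
            else if (pw ~ /^\$1\$/)        s = "md5"
            else if (pw ~ /^\$2[abxy]?\$/) s = "blf"
            else if (pw ~ /^\$[0-9]+\$/)   s = "other-modular"
            else if (pw ~ /^\*/)           s = "nologin"
            else                           s = "des-or-unknown"
            print $1, s
        }'
}

# not_blowfish: accounts whose password field is not a blowfish hash
# (entries that are just "*" cannot log in and are left out).
not_blowfish() {
    hash_scheme | awk '$2 != "blf" && $2 != "nologin" { print $1 }'
}

# Constructed sample input; the hash strings are placeholders, not real hashes.
sample_master_passwd() {
cat <<'EOF'
# constructed sample
root:$2a$04$CONSTRUCTEDSALTANDHASHxxxxxxxxxxxxxxxxxxxxx:0:0::0:0:Charlie &:/root:/bin/csh
alice:$1$CONSTRSL$CONSTRUCTEDxxxxxxxxxxx:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:*LOCKED*$1$CONSTRSL$CONSTRUCTEDxxxxxxxxxxx:1002:1002::0:0:Bob:/home/bob:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
carol:$2a$04$CONSTRUCTEDSALTANDHASHxxxxxxxxxxxxxxxxxxxxx:1003:1003::0:0:Carol:/home/carol:/bin/sh
EOF
}

# Demo on the constructed sample; on a real box: not_blowfish < /etc/master.passwd
sample_master_passwd | hash_scheme
```

Accounts it reports need a password change after the default is switched before their stored hash moves to the new format.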