Update the section about user account hashes with two additional supported
hash functions that can be used: SHA256 and SHA512. Also document how these are stored in the master.passwd file.
parent
000137b579
commit
4a85330093
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=39015
1 changed files with 11 additions and 6 deletions
|
@ -1037,7 +1037,7 @@
|
|||
<!-- 21 Mar 2000 -->
|
||||
</sect1info>
|
||||
|
||||
<title>DES, Blowfish, MD5, and Crypt</title>
|
||||
<title>DES, Blowfish, MD5, SHA256, SHA512, and Crypt</title>
|
||||
|
||||
<indexterm>
|
||||
<primary>security</primary>
|
||||
|
@ -1048,6 +1048,8 @@
|
|||
<indexterm><primary>Blowfish</primary></indexterm>
|
||||
<indexterm><primary>DES</primary></indexterm>
|
||||
<indexterm><primary>MD5</primary></indexterm>
|
||||
<indexterm><primary>SHA256</primary></indexterm>
|
||||
<indexterm><primary>SHA512</primary></indexterm>
|
||||
|
||||
<para>Every user on a &unix; system has a password associated with
|
||||
their account. It seems obvious that these passwords need to be
|
||||
|
@ -1081,8 +1083,8 @@
|
|||
<sect2>
|
||||
<title>Recognizing Your Crypt Mechanism</title>
|
||||
|
||||
<para>Currently the library supports DES, MD5 and Blowfish hash
|
||||
functions. By default &os; uses MD5 to encrypt
|
||||
<para>Currently the library supports DES, MD5, Blowfish, SHA256,
|
||||
and SHA512 hash functions. By default &os; uses MD5 to encrypt
|
||||
passwords.</para>
|
||||
|
||||
<para>It is pretty easy to identify which encryption method &os;
|
||||
|
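Review bot: The rewritten paragraph calls DES, MD5, Blowfish, SHA256 and SHA512 "hash functions" and then, in the same paragraph, says &os; "uses MD5 to encrypt passwords"; the unchanged paragraph that follows also says "encryption method". Since this sentence is being edited anyway, use "hash" consistently, for example "By default &os; uses MD5 to hash passwords." It would also help to state whether the MD5 default is still the intended choice now that SHA256 and SHA512 are documented as supported, because the text as written lists the stronger options and then leaves the reader on MD5 without comment.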
@ -1097,13 +1099,16 @@
|
|||
than MD5 passwords, and are coded in a 64-character alphabet
|
||||
which does not include the <literal>$</literal>
|
||||
character, so a relatively short string which does not begin
|
||||
with a dollar sign is very likely a DES password.</para>
|
||||
with a dollar sign is very likely a DES password. Both SHA256
|
||||
and SHA512 begin with the characters
|
||||
<literal>$6$</literal>.</para>
|
||||
|
||||
<para>The password format used for new passwords is controlled
|
||||
by the <literal>passwd_format</literal> login capability in
|
||||
<filename>/etc/login.conf</filename>, which takes values of
|
||||
<literal>des</literal>, <literal>md5</literal> or
|
||||
<literal>blf</literal>. See the &man.login.conf.5; manual
|
||||
<literal>des</literal>, <literal>md5</literal>,
|
||||
<literal>blf</literal>, <literal>sha256</literal> or
|
||||
<literal>sha512</literal>. See the &man.login.conf.5; manual
|
||||
page for more information about login capabilities.</para>
|
||||
</sect2>
|
||||
</sect1>
|
||||
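Review bot: The added sentence "Both SHA256 and SHA512 begin with the characters $6$" is wrong for SHA256. In the crypt(3) modular format, $5$ identifies SHA256 and $6$ identifies SHA512, so a reader following this text would misidentify SHA256 entries in master.passwd. Suggest wording such as "SHA256 strings begin with $5$ and SHA512 strings begin with $6$", with each prefix in its own <literal> element. The sentence is also appended to the DES paragraph, directly after the statement about strings that do not begin with a dollar sign, which reads as a contradiction; giving it its own sentence apart from the DES description would be clearer. The commit message says the change documents how these hashes are stored in master.passwd, but the only storage detail in this hunk is the prefix, so either expand the text or adjust the message.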