Use Blowfish for user passwords, not MD5!


It just came to my understanding and attention that I was not using the strongest encryption scheme to encrypt my user passwords. This article from BSDVault explains how to change the default DES encryption on FreeBSD to Blowfish. By default, DES is used when users are added with “adduser” to produce a cipher, which in turn goes through the MD5 function to produce a hash.


Blowfish is said to be extremely strong and has yet to be cracked! Here are the procedures I used as I was following the article on BSDVault.net:

$> vim /etc/login.conf

Changed: :passwd_format=md5:

To: :passwd_format=blf:

$> cap_mkdb /etc/login.conf

$> vim /etc/auth.conf

Added: crypt_default = blf

Checking /etc/master.passwd I see:

blowfishuser:$2a$04$tZ8kRFQJ4YU50c9cEYccIu7Z6BtmwB5fpwsE.kl7ogbEwNyQCgG16:

Nice!

Note the “$2a$”, which denotes that Blowfish encryption is being used. This time around the hash is much longer than MD5. So now, when a password is used, it will be encrypted with Blowfish.
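Changing passwd_format only affects passwords set after the change; existing entries in /etc/master.passwd keep their old hash until each password is changed. The script below is an added example, not part of the original post or the BSDVault article: it classifies each account by the hash prefix described above and lists the accounts that still need a password change. The function names, the scheme labels and every sample line except the blowfishuser hash are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the crypt(3) scheme behind each account's stored
# hash, reading master.passwd-format lines ("name:hash:...") on stdin.

# Prints "name scheme cost" for every account line.
audit_hashes() {
    awk -F: '
    /^#/ || NF < 2 { next }                 # skip comments and malformed lines
    {
        h = $2; scheme = "other"; cost = "-"
        if (h == "" || h ~ /^[*]/) {
            scheme = "nologin"              # empty or locked ("*") field
        } else if (h ~ /^[$]2[abxy]?[$][0-9][0-9][$]/) {
            scheme = "blf"                  # $2$, $2a$, ... = Blowfish
            split(h, part, "[$]")           # "", "2a", "04", salt+hash
            cost = part[3] + 0              # log2 of the iteration count
        } else if (h ~ /^[$]1[$]/) {
            scheme = "md5"                  # $1$ = MD5
        } else if (h !~ /^[$]/ && length(h) == 13) {
            scheme = "des"                  # traditional DES has no $ prefix
        }
        print $1, scheme, cost
    }'
}

# Names of accounts that hold a real password hash which is not Blowfish.
needs_rehash() {
    audit_hashes | awk '$2 == "md5" || $2 == "des" || $2 == "other" { print $1 }'
}

# Constructed sample; only the blowfishuser hash comes from the post.
sample_passwd() {
    cat <<'EOF'
# constructed master.passwd excerpt
root:$1$CONSTRUC$0123456789abcdefghijkl:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
olduser:ab0123456789A:1001:1001::0:0:Old User:/home/olduser:/bin/sh
blowfishuser:$2a$04$tZ8kRFQJ4YU50c9cEYccIu7Z6BtmwB5fpwsE.kl7ogbEwNyQCgG16:1002:1002::0:0:BF User:/home/blowfishuser:/bin/sh
EOF
}

# On a real system, as root: audit_hashes < /etc/master.passwd
sample_passwd | audit_hashes
```

The third column is the bcrypt cost parsed from the hash; the entry shown in the post was created with cost 04.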
