Tuesday, August 10, 2004

Use Blowfish for user passwords, not MD5!


It just came to my understanding and attention that I was not using the strongest encryption scheme to encrypt my user passwords. This article from BSDVault explains how to change the default DES encryption on FreeBSD to Blowfish. By default DES is used when users are added with "adduser" to produce a cipher, which in turn goes through the MD5 function to produce a hash.




Blowfish is said to be extremely strong and has yet to be cracked! Here are the procedures I used as I was following the article on BSDVault.net:

$> vim /etc/login.conf
Changed: :passwd_format=md5:
To:      :passwd_format=blf:

$> cap_mkdb /etc/login.conf


$> vim /etc/auth.conf

Added: crypt_default = blf

Checking /etc/master.passwd I see:

blowfishuser:$2a$04$tZ8kRFQJ4YU50c9cEYccIu7Z6BtmwB5fpwsE.kl7ogbEwNyQCgG16:

Nice!

Note the "$2a$" prefix, which denotes that Blowfish encryption is being used. This time around the hash is much longer than MD5. So from now on, whenever a password is set, it will be encrypted with Blowfish.
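The "$2a$" prefix is the modular-crypt-format tag for bcrypt (Blowfish-based) hashes, the "$1$" prefix marks MD5 crypt, and a bare 13-character string is traditional DES crypt; the two digits after "$2a$" (here "04") are the cost parameter, the base-2 logarithm of the number of key-setup rounds. Changing passwd_format only affects passwords set after the change, so existing MD5 or DES entries stay in master.passwd until each user changes their password. The script below is an added example, not code from the post or from BSDVault: it classifies each password field in a master.passwd-style file and reports accounts still on MD5/DES or on a bcrypt cost below a policy minimum. The sample file is constructed (only the blowfishuser hash is the one shown above), and the minimum cost of 10 is an assumed policy value, not a FreeBSD default.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in /etc/master.passwd layout. The blowfishuser hash is
# the one shown in the post; the MD5 and DES entries are made-up examples.
SAMPLE_MASTER_PASSWD = """\
blowfishuser:$2a$04$tZ8kRFQJ4YU50c9cEYccIu7Z6BtmwB5fpwsE.kl7ogbEwNyQCgG16:1001:1001::0:0:Blowfish User:/home/blowfishuser:/bin/sh
md5user:$1$saltsalt$2F8vYQjSd7XcWhLlvw1L31:1002:1002::0:0:MD5 User:/home/md5user:/bin/sh
desuser:abJnggxhB/yWI:1003:1003::0:0:DES User:/home/desuser:/bin/sh
locked:*:1004:1004::0:0:Locked:/nonexistent:/sbin/nologin
"""

# Modular-crypt-format shapes understood by FreeBSD's crypt(3).
BCRYPT_RE = re.compile(r"^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$")  # $2a$NN$ + 22 salt + 31 hash
MD5_RE = re.compile(r"^\$1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}$")   # $1$salt$ + 22 hash
DES_RE = re.compile(r"^[./A-Za-z0-9]{13}$")                            # 2 salt + 11 hash


def identify_hash(field: str) -> Dict[str, Optional[int]]:
    """Classify one password field; cost is only meaningful for blf (bcrypt)."""
    if not field or field.startswith(("*", "!")):
        return {"scheme": "locked", "cost": None}
    m = BCRYPT_RE.match(field)
    if m:
        return {"scheme": "blf", "cost": int(m.group(1))}
    if MD5_RE.match(field):
        return {"scheme": "md5", "cost": None}
    if DES_RE.match(field):
        return {"scheme": "des", "cost": None}
    return {"scheme": "unknown", "cost": None}


def audit_master_passwd(text: str, min_cost: int = 10) -> List[Dict]:
    """Return one finding per account whose hash is not bcrypt of at least min_cost.

    min_cost=10 is an assumed policy threshold for this example.
    """
    findings = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # malformed line; not a password entry
        user, pw = fields[0], fields[1]
        info = identify_hash(pw)
        if info["scheme"] == "locked":
            continue  # no password to guess, nothing to report
        if info["scheme"] == "blf" and info["cost"] >= min_cost:
            continue  # meets policy
        if info["scheme"] == "blf":
            reason = f"bcrypt cost {info['cost']} is below policy minimum {min_cost}"
        else:
            reason = f"{info['scheme']} hash; will move to blf only on the next password change"
        findings.append({"user": user, "scheme": info["scheme"],
                         "cost": info["cost"], "reason": reason})
    return findings


if __name__ == "__main__":
    # On a real host you would read /etc/master.passwd (root only) instead.
    for f in audit_master_passwd(SAMPLE_MASTER_PASSWD):
        print(f"{f['user']:<14} {f['scheme']:<5} {f['reason']}")
```

Run against the sample, the report lists blowfishuser (cost 4 is below the assumed minimum), md5user and desuser, and skips the locked account. The same logic run after the login.conf change shows which accounts have not yet picked up the new format.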
