O. Hartmann
2009-Jan-04 00:16 UTC
MD5 vs. SHA1 hashed passwords in /etc/master.passwd: can we configure SHA1 in /etc/login.conf?
MD5 seems to be compromised by potential collision attacks. So I tried to figure out how I can use another hash for security purposes when hashing passwords for local users on a FreeBSD 7/8 box, like root or local box administration. Looking at man login.conf reveals only three possible hash algorithms selectable: md5 (recommended), des and blf. Changing /etc/login.conf's tag default:\ :passwd_format=sha1:\ followed by a obligatory "cap_mkdb" seems to do something - changing root's password results in different hashes when selecting different hash algorithms like des, md5, sha1, blf or even sha256. Well, I never digged deep enough into the source code to reveal the magic and truth, so I will ask here for some help. Is it possible to change the md5-algorithm by default towards sha1 as recommended after the md5-collisions has been published? Thanks in advance, Oliver
Mike Tancsa
2009-Jan-04 04:11 UTC
MD5 vs. SHA1 hashed passwords in /etc/master.passwd: can we configure SHA1 in /etc/login.conf?
At 04:45 PM 1/3/2009, O. Hartmann wrote:>followed by a obligatory "cap_mkdb" seems to do something - changing >root's password results in different hashes when selecting different >hash algorithms like des, md5, sha1, blf or even sha256. > >Well, I never digged deep enough into the source code to reveal the >magic and truth, so I will ask here for some help. Is it possible to >change the md5-algorithm by default towards sha1 as recommended after >the md5-collisions has been published?Are you sure sha1 is supported ? It looks like if you put in something not understood in the login.conf file, it defaults to what appears to be DES. ---Mike>Thanks in advance, >Oliver >_______________________________________________ >freebsd-security@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Stanislav Sedov
2009-Jan-04 06:26 UTC
MD5 vs. SHA1 hashed passwords in /etc/master.passwd: can we configure SHA1 in /etc/login.conf?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 03 Jan 2009 22:45:59 +0100 "O. Hartmann" <ohartman@mail.zedat.fu-berlin.de> mentioned:> MD5 seems to be compromised by potential collision attacks. So I tried > to figure out how I can use another hash for security purposes when > hashing passwords for local users on a FreeBSD 7/8 box, like root or > local box administration. Looking at man login.conf reveals only three > possible hash algorithms selectable: md5 (recommended), des and blf. > Changing /etc/login.conf's tag > > default:\ > :passwd_format=sha1:\ > > > followed by a obligatory "cap_mkdb" seems to do something - changing > root's password results in different hashes when selecting different > hash algorithms like des, md5, sha1, blf or even sha256. > > Well, I never digged deep enough into the source code to reveal the > magic and truth, so I will ask here for some help. Is it possible to > change the md5-algorithm by default towards sha1 as recommended after > the md5-collisions has been published? >The default hash format can be configured via auth.conf(5) file. AFAIK, md5, des, blowfish and nthash are supported currently. BTW, I don't think that recently discovered collisions in md5 algoritm can compromise system passwords, as crypt(3) md5 scheme doesn't store the plain md5 sums, but result of a number of md5 computations over a salted password string. Of course, being able to find hash collisions can speedup the brute-force attack a bit, but this had to be proven first... - -- Stanislav Sedov ST4096-RIPE -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAklgVukACgkQK/VZk+smlYFurQCeOobQDi6tCbJ9ZeK8V5aUAY3O mMoAoIKvPDKvN1oogSWyGhYln3jCFWgX =NZZk -----END PGP SIGNATURE----- !DSPAM:4960565a967008001220501!
Daniel Marsh
2009-Jan-04 06:31 UTC
MD5 vs. SHA1 hashed passwords in /etc/master.passwd: can we configure SHA1 in /etc/login.conf?
Hey What's wrong with the blowfish hash? Reading up on it the full 16 round cipher is unbroken, only 4 and 14 round versions can be broke. Regards Daniel On 1/4/09, O. Hartmann <ohartman@mail.zedat.fu-berlin.de> wrote:> MD5 seems to be compromised by potential collision attacks. So I tried > to figure out how I can use another hash for security purposes when > hashing passwords for local users on a FreeBSD 7/8 box, like root or > local box administration. Looking at man login.conf reveals only three > possible hash algorithms selectable: md5 (recommended), des and blf. > Changing /etc/login.conf's tag > > default:\ > :passwd_format=sha1:\ > > > followed by a obligatory "cap_mkdb" seems to do something - changing > root's password results in different hashes when selecting different > hash algorithms like des, md5, sha1, blf or even sha256. > > Well, I never digged deep enough into the source code to reveal the > magic and truth, so I will ask here for some help. Is it possible to > change the md5-algorithm by default towards sha1 as recommended after > the md5-collisions has been published? > > Thanks in advance, > Oliver > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >-- http://buymeahouse.stiw.org/
Poul-Henning Kamp
2009-Jan-04 10:11 UTC
MD5 vs. SHA1 hashed passwords in /etc/master.passwd: can we configure SHA1 in /etc/login.conf?
In message <495FDC97.4090301@mail.zedat.fu-berlin.de>, "O. Hartmann" writes:>MD5 seems to be compromised by potential collision attacks.No it is not. Single MD5 invocations with controlled plaintext allow you to construct appendages to the plaintext, which would result in identical MD5 hash values. This does not affect your passwords. 1. If you already know peoples password, why futz with the encryption of them ? 2. MD5 password hash is not single invocation, in fact MD5 i iterated more than a thousand times in various permutations. Nobody has any idea how to break that, short of brute force. Poul-Henning -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Peter Jeremy
2009-Jan-06 10:27 UTC
MD5 vs. SHA1 hashed passwords in /etc/master.passwd: can we configure SHA1 in /etc/login.conf?
On 2009-Jan-03 22:45:59 +0100, "O. Hartmann" <ohartman@mail.zedat.fu-berlin.de> wrote:>Well, I never digged deep enough into the source code to reveal the >magic and truth, so I will ask here for some help.The relevant algorithms and their names are embedded in src/lib/libcrypt/crypt.c> Is it possible to >change the md5-algorithm by default towards sha1 as recommended after >the md5-collisions has been published?Note that both MD5 and SHA1 are broken in the cryprographic sense. As various people have noted, the known breaks do not impact on MD5 password hashes. -- Peter Jeremy Please excuse any delays as the result of my ISP's inability to implement an MTA that is either RFC2821-compliant or matches their claimed behaviour. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20090106/8902ad97/attachment.pgp