
Configure FreeBSD To Use Blowfish Password Format


I’ve been spending a lot of time lately researching FreeBSD security solutions, on topics such as pf (packet filter) and system hardening. One of the tips that I thought I’d share here is a method of configuring your system to use Blowfish password hashing as opposed to the default MD5. If you are on a system that has a lot of users it might be prudent to update the hash type to make your stored passphrases safer.

Configure /etc/login.conf

The password format is set in the /etc/login.conf file, and the default value is “md5”. To update your configuration to use Blowfish instead, make the following change to your file:

-       :passwd_format=md5:\
+       :passwd_format=blf:\

After you’ve made this change you’ll need to rehash the login database, which is done using the cap_mkdb command:

cap_mkdb /etc/login.conf

At this point any newly assigned passwords will be hashed using Blowfish instead of MD5. Any existing accounts will retain their MD5 password hash until the password is reset.
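
To see which accounts still carry an MD5 hash after the change, the script below classifies each entry by the prefix of its hash field. It is an added example, not part of the original post; the function names and the sample entries are constructed for illustration, and the hashes are placeholders.

```sh
#!/bin/sh
# Added example (not from the original post). Field 2 of master.passwd is the
# crypt(3) hash; its prefix identifies the format: $1$ = MD5, $2?$ = Blowfish.

hash_format() {          # print "user format" for each account in file $1
    awk -F: '
        /^#/ || NF < 2 { next }           # skip comments and malformed lines
        {
            h = $2
            sub(/^\*LOCKED\*/, "", h)     # "pw lock" prefixes the hash
            if      (h == "")              f = "empty"
            else if (h ~ /^\$1\$/)         f = "md5"
            else if (h ~ /^\$2[abxy]?\$/)  f = "blf"
            else if (h ~ /^\$[56]\$/)      f = "sha"
            else if (h ~ /^\*/)            f = "nologin"
            else                           f = "other"
            print $1, f
        }' "$1"
}

not_blowfish() {         # accounts holding a real hash that is not Blowfish
    hash_format "$1" | awk '$2 != "blf" && $2 != "nologin" && $2 != "empty" { print $1 }'
}

write_sample() {         # constructed sample data, hashes are placeholders
    cat > "$1" <<'EOF'
root:$2b$04$PLACEHOLDERplaceholderPLACEHOLDER:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
alice:$1$PLACEHLD$placeholderplaceholder:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:*LOCKED*$1$PLACEHLD$placeholderplaceholder:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:$2a$04$PLACEHOLDERplaceholderPLACEHOLDER:1003:1003::0:0:Carol:/home/carol:/bin/sh
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "Accounts still waiting for a password reset:"
not_blowfish "$sample"
rm -f "$sample"
```

On a live system, run `not_blowfish /etc/master.passwd` as root; the file is readable only by root because it holds the hashes.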
