I’ve been spending a lot of time lately researching FreeBSD security solutions: topics such as pf (packet filter), system hardening, etc. One of the tips that I thought I’d share here is a method of configuring your system to use blowfish encryption for passwords as opposed to the default MD5. If you are on a system that has a lot of users, it might be prudent to update the encryption type to make your stored passphrase safer.
The password format is stored within the /etc/login.conf file; the default value is “md5”. To update your configuration to use blowfish instead, make the following change to your file:
After you’ve made this change you’ll need to rehash the login database, which is done using the cap_mkdb command:
At this point any newly assigned passwords will be created using blowfish instead of MD5. Any existing accounts will retain their MD5 password hash until the password is reset.
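The procedure above as an added example, not code from the original post: on FreeBSD the change is setting the passwd_format capability in /etc/login.conf to blf, followed by running cap_mkdb /etc/login.conf. The sketch below applies that edit to a copy of the file and lists the accounts in a master.passwd-style file that still carry an MD5 ($1$) hash; the function names and the sample file contents are constructed for illustration.

```sh
# Added example, not from the original post. Sample data is constructed.

# Rewrite passwd_format in a login.conf-style file to blf; result on stdout.
# On a live system, install the reviewed result as /etc/login.conf and then
# run: cap_mkdb /etc/login.conf
set_passwd_format() {
    sed 's/:passwd_format=[^:]*:/:passwd_format=blf:/' "$1"
}

# Print "user scheme" for each account in a master.passwd-style file.
# pw(8) marks a locked account by prepending *LOCKED* to the hash field.
classify_hashes() {
    awk -F: '
        /^#/ || NF < 10 { next }
        {
            h = $2
            sub(/^\*LOCKED\*/, "", h)
            if (index(h, "$1$") == 1)      s = "md5"
            else if (index(h, "$2") == 1)  s = "blf"
            else if (h == "" || h ~ /^\*/) s = "none"
            else                           s = "other"
            print $1, s
        }' "$1"
}

# Accounts that still carry an MD5 hash and need a password reset.
md5_accounts() {
    classify_hashes "$1" | awk '$2 == "md5" { print $1 }'
}

# Constructed sample data so the example runs without touching /etc.
sample_login_conf() {
    printf 'default:\\\n\t:passwd_format=md5:\\\n\t:copyright=/etc/COPYRIGHT:\n'
}
sample_master_passwd() {
    cat <<'EOF'
root:$2b$04$constructedconstructedconstructedconstructedconstructe:0:0::0:0:Charlie &:/root:/bin/csh
alice:$1$constructd$notarealhash0000000000:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:*LOCKED*$1$constructd$notarealhash0000000000:1002:1002::0:0:Bob:/home/bob:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
EOF
}

tmp=$(mktemp -d)
sample_login_conf > "$tmp/login.conf"
sample_master_passwd > "$tmp/master.passwd"
set_passwd_format "$tmp/login.conf"
md5_accounts "$tmp/master.passwd"
rm -rf "$tmp"
```

Reading the real /etc/master.passwd requires root, since that file holds the password hashes.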