Skip to content

md5

Configure FreeBSD To Use Blowfish Password Format

I’ve been spending a lot of time lately researching FreeBSD security solutions. Topics such as pf (packet filter), system hardening, etc. One of the tips that I thought I’d share here is a method of configuring your system to use blowfish encryption for passwords as opposed to the default MD5. If you are on a system that has a lot of users it might be prudent to update the encryption type to make your stored passphrase safer. Configure /etc/login.conf The password format is stored within the /etc/login.conf file. The default value being “md5”. To update your configuration to use blowfish instead make the following change to your file: – :passwd_format=md5:\  :passwd_format=blf:\ After you’ve made this change you’ll need to rehash the login database, which is done using the cap_mkdb command: cap_mkdb /etc/login.conf At this point any newly assigned passwords will be created using blowfish instead of MD5. Read more