Changing the Default Password Encryption Algorithm on Solaris[TM] to Use Blowfish, MD5 or Any Other Algorithm
Last updated on NOVEMBER 08, 2017
Applies to:Solaris Operating System - Version 9 12/02 U2 and later
In the era of increased security awareness, many people are looking for better ways to encrypt data and passwords.
This document details the steps necessary to configure Solaris[TM] 9 12/02 and later to use Blowfish or MD5 encryption algorithm as the default method for encrypting user passwords.
Every user on a UNIX system has a password associated with their login account. These passwords are encrypted in a one-way hash using the traditional UNIX crypt algorithm (crypt_unix).
This algorithm is no longer considered sufficiently secure for current systems and is provided for backward compatibility. This remains the default algorithm used for password encryption on Solaris[TM].
One of the biggest limitations is that only the first 8 characters of the key passed to this algorithm are used. The rest are silently ignored. See the crypt_unix(5) man page for further details.
Solaris 9 12/02 introduces the ability to change the default encryption algorithm for passwords to use the Blowfish (crypt_bsdbf) or MD5 (crypt_sunmd5/crypt_bsdmd5) algorithms.
Solaris 10 introduced support for the SHA256 (crypt_sha256) and SHA512 (crypt_sha512) encryption algorithms.
There are two versions of the MD5 algorithm:
- crypt_sunmd5: This is Sun's implementation of the MD5 algorithm
- crypt_bsdmd5: This is the BSD implementation of the MD5 algorithm and provides compatibility with md5crypt on BSD and Linux systems.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms