My Oracle Support Banner

Changing the Default Password Encryption Algorithm on Solaris[TM] to Use Blowfish, MD5 or Any Other Algorithm (Doc ID 1001835.1)

Last updated on APRIL 19, 2021

Applies to:

Solaris Operating System - Version 9 12/02 U2 and later
Oracle Solaris on SPARC (32-bit)
Oracle Solaris on x86-64 (64-bit)
Oracle Solaris on x86 (32-bit)
Oracle Solaris on SPARC (64-bit)

Goal

In the era of increased security awareness, many people are looking for better ways to encrypt data and passwords.
This document details the steps necessary to configure Solaris[TM] 9 12/02 and later to use Blowfish or MD5 encryption algorithm as the default method for encrypting user passwords.

Every user on a UNIX system has a password associated with their login account. These passwords are encrypted in a one-way hash using the traditional UNIX crypt algorithm (crypt_unix).
This algorithm is no longer considered sufficiently secure for current systems and is provided for backward compatibility. This remains the default algorithm used for password encryption on Solaris[TM].

One of the biggest limitations is that only the first 8 characters of the key passed to this algorithm are used. The rest are silently ignored.  See the crypt_unix(5) man page for further details.

Solaris 9 12/02 introduces the ability to change the default encryption algorithm for passwords to use the Blowfish (crypt_bsdbf) or MD5 (crypt_sunmd5/crypt_bsdmd5) algorithms.

Solaris 10 introduced support for the SHA256 (crypt_sha256) and SHA512 (crypt_sha512) encryption algorithms.

There are two versions of the MD5 algorithm:

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.