Changing the Default Password Encryption Algorithm on Solaris[TM] to Use Blowfish, MD5 or Any Other Algorithm
(Doc ID 1001835.1)
Last updated on JUNE 13, 2023
Applies to:
Solaris Operating System - Version 9 12/02 U2 and later
Oracle Solaris on SPARC (32-bit)
Oracle Solaris on x86-64 (64-bit)
Oracle Solaris on x86 (32-bit)
Oracle Solaris on SPARC (64-bit)
Goal
In the era of increased security awareness, many people are looking for better ways to encrypt data and passwords.
This document details the steps necessary to configure Solaris[TM] 9 12/02 and later to use the Blowfish or MD5 encryption algorithm as the default method for encrypting user passwords.
Every user on a UNIX system has a password associated with their login account. These passwords are encrypted in a one-way hash using the traditional UNIX crypt algorithm (crypt_unix).
This algorithm is no longer considered sufficiently secure for current systems and is provided for backward compatibility. This remains the default algorithm used for password encryption on Solaris[TM].
One of the biggest limitations is that only the first 8 characters of the key passed to this algorithm are used. The rest are silently ignored. See the crypt_unix(5) man page for further details.
Solaris 9 12/02 introduces the ability to change the default encryption algorithm for passwords to use the Blowfish (crypt_bsdbf) or MD5 (crypt_sunmd5/crypt_bsdmd5) algorithms.
Solaris 10 introduced support for the SHA256 (crypt_sha256) and SHA512 (crypt_sha512) encryption algorithms.
There are two versions of the MD5 algorithm:
- crypt_sunmd5: This is Sun's implementation of the MD5 algorithm.
- crypt_bsdmd5: This is the BSD implementation of the MD5 algorithm and provides compatibility with md5crypt on BSD and Linux systems.
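To check which accounts still hold a crypt_unix hash, the following added example (not part of the Oracle document) classifies shadow(4) password fields by crypt module. It assumes the hash prefixes match the algorithm identiiers Solaris lists in /etc/security/crypt.conf (1, 2a, md5, 5, 6); the function names are hypothetical and the sample entries are constructed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample entries are constructed.
# Assumption: prefixes are the identifiers from Solaris /etc/security/crypt.conf.

classify_hash() {
    case "$1" in
        '$1$'*)            echo crypt_bsdmd5 ;;
        '$2a$'*)           echo crypt_bsdbf ;;
        '$md5$'*|'$md5,'*) echo crypt_sunmd5 ;;
        '$5$'*)            echo crypt_sha256 ;;
        '$6$'*)            echo crypt_sha512 ;;
        '')                echo empty ;;     # no password set at all
        NP|'*'*)           echo nologin ;;   # NP, or *LK* locked account
        *)  # traditional hashes carry no prefix and are exactly 13 characters
            if [ "${#1}" -eq 13 ]; then echo crypt_unix; else echo unknown; fi ;;
    esac
}

# Read shadow(4)-format lines on stdin and print "user module" per account.
audit_shadow() {
    while IFS=: read -r user field rest; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(classify_hash "$field")"
    done
}

# Accounts whose stored hash still comes from crypt_unix.
legacy_accounts() {
    audit_shadow | awk '$2 == "crypt_unix" { print $1 }'
}

# Constructed sample data (placeholder strings, not real hashes).
sample_shadow() {
    cat <<'EOF'
alice:abCDefGHijKLm:19000::::::
bob:$1$constsalt$constructedhashvalue00:19000::::::
carol:$2a$04$constructedsaltandhashvalue:19000::::::
dave:$md5,rounds=5000$constsalt$$constructedhash:19000::::::
erin:$5$constsalt$constructedhash:19000::::::
frank:$6$constsalt$constructedhash:19000::::::
svc:*LK*:::::::
nopw:NP:::::::
EOF
}

sample_shadow | audit_shadow
echo "legacy: $(sample_shadow | legacy_accounts)"
```

On a live system, run `legacy_accounts < /etc/shadow` as root to list the accounts that still need a password change to pick up the new algorithm.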
Solution