Changing the Default Password Encryption Algorithm on Solaris[TM] to Use Blowfish, MD5 or Any Other Algorithm (Doc ID 1001835.1)

Last updated on AUGUST 01, 2016

Applies to:

Solaris Operating System - Version 9 12/02 U2 and later
All Platforms

Goal

In the era of increased security awareness, many people are looking for better ways to encrypt data and passwords.
This document details the steps necessary to configure Solaris[TM] 9 12/02 and later to use the Blowfish or MD5 encryption algorithm as the default method for encrypting user passwords.

Every user on a UNIX system has a password associated with their login account. These passwords are encrypted in a one-way hash using the traditional UNIX crypt algorithm (crypt_unix).
This algorithm is no longer considered sufficiently secure for current systems and is provided for backward compatibility. It nevertheless remains the default algorithm used for password encryption on Solaris[TM].

One of the biggest limitations is that only the first 8 characters of the key passed to this algorithm are used. The rest are silently ignored. See the crypt_unix(5) man page for further details.

Solaris 9 12/02 introduces the ability to change the default encryption algorithm for passwords to use the Blowfish (crypt_bsdbf) or MD5 (crypt_sunmd5/crypt_bsdmd5) algorithms.

Solaris 10 introduced support for the SHA256 (crypt_sha256) and SHA512 (crypt_sha512) encryption algorithms.
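To see which accounts still hold a crypt_unix hash, and so are subject to the 8-character limit, the hash field of each shadow entry can be classified by its prefix. The script below is an added example, not part of the original Oracle document; the prefix-to-module mapping and the `*LK*` lock-prefix handling are assumptions based on the usual crypt hash formats, and the sample entries are constructed.

```shell
# Constructed sample in shadow(4) layout (user:hash:...). The hash strings
# only have the right shape; they are not real password hashes.
SAMPLE_SHADOW='root:$6$Zx1salt$QmFkZXhhbXBsZWhhc2g:17000::::::
alice:ab01FAX.bQRSU:17000::::::
bob:$2a$04$abcdefghijklmnopqrstuu:17000::::::
carol:$md5,rounds=5000$saltsalt$$hashhash:17000::::::
dave:*LK*cd9HKmnB7xLwA:17000::::::
eve:NP:17000::::::
frank:$1$salt$hashhashhash:17000::::::'

# Map one hash field to the crypt module name used in this document.
classify_hash() {
    h=$1
    # Assumption: a locked account may keep its hash behind a *LK* prefix.
    case "$h" in '*LK*'*) h=${h#\*LK\*} ;; esac
    case "$h" in
        ''|NP|'*NP*')       echo none ;;
        '$1$'*)             echo crypt_bsdmd5 ;;
        '$md5$'*|'$md5,'*)  echo crypt_sunmd5 ;;
        '$2a$'*)            echo crypt_bsdbf ;;
        '$5$'*)             echo crypt_sha256 ;;
        '$6$'*)             echo crypt_sha512 ;;
        *)
            # Traditional crypt output: exactly 13 chars from [A-Za-z0-9./]
            case "$h" in
                *[!A-Za-z0-9./]*) echo unknown ;;
                *) [ ${#h} -eq 13 ] && echo crypt_unix || echo unknown ;;
            esac ;;
    esac
}

# Print "user module" for every shadow-format line read from stdin.
audit_shadow() {
    while IFS=: read -r user hash rest; do
        [ -n "$user" ] || continue
        echo "$user $(classify_hash "$hash")"
    done
}

# List only the accounts whose hash still comes from crypt_unix.
legacy_accounts() {
    audit_shadow | awk '$2 == "crypt_unix" { print $1 }'
}

printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

Changing the default algorithm does not convert existing hashes, so accounts reported by `legacy_accounts` keep the crypt_unix hash until the password is next changed.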

There are two versions of the MD5 algorithm:

Solution
