Today (Saturday) We will make some minor tuning adjustments to MySQL.

You may experience 2 up to 10 seconds "glitch time" when we restart MySQL. We expect to make these adjustments around 1AM Eastern Daylight Saving Time (EDT) US.


Hashing password with bcrypt in Solaris 10


Login or Register to Reply

 
Thread Tools Search this Thread
# 1  
Hashing password with bcrypt in Solaris 10. Alternative from Oracle?

Hi,

Our security audit person generated a report for Solaris-10 servers and mentioned this suggestion - "All passwords should be hashed using bcrypt. Solaris 10 supports this blowfish-based hash algorithm with the identifier 2a. To verify this, ensure the password hashes start with $2a$. Additionally, all passwords currently hashed as descrypt should be changed."
Looks like, it is a third party utility and not from Oracle. In case of any issue, they may say that it is not supported by us. For achieving similar result, does Solaris have any default tool instead of testing/implementing a third party tool ?

Please advice.

Thanks

Last edited by solaris_1977; 05-30-2019 at 02:49 PM..
# 2  
I've read your post a few times but I'm not sure what your question is.

Solaris can be configured to use different algorithms for password hashing by the settings in /etc/security/policy.conf.

You are correct in that Blowfish is represented by '2a' in that file.

If you set '2a' then all passwords set after that would use Blowfish.

Start reading here.
This User Gave Thanks to hicksd8 For This Post:
Login or Register to Reply

|
Thread Tools Search this Thread
Search this Thread:
Advanced Search

More UNIX and Linux Forum Topics You Might Find Helpful
Hashing URLs
twjolson
So, I am writing a script that will read output from Bulk Extractor (which gathers data based on regular expressions). My script then reads the column that has the URL found, hashes it with MD5, then outputs the URL and hash to a file. Where I am stuck on is that I want to read the bulk...... Shell Programming and Scripting
7
Shell Programming and Scripting
[solved] Password hashing
bitlord
Hello, I'm having an issue with my password hashing. In /etc/shadow all the passwords hashes start with $1$. The security people want me to change it so the password hash starts with $5$ or $6$. So this is what I did to fix this. I changed CRYPT_DEFAULT for 1 to 6 CRYPT_DEFAULT=6When I create a...... Solaris
0
Solaris
password hashing algorithms
Perderabo
I'm collecting some info on the password hashing algorithms in use on various Unix systems. So far I have: no $ legacy unix crypt $1$ MD5 $2$ Blowfish on BSD $2a$ alternate Blowfish on BSD $md5$ Sun's alternate MD5 $3$ a Microsoft hash $4$ not used? $5$ RedHat proposed Sha-256...... UNIX for Advanced & Expert Users
2
UNIX for Advanced & Expert Users
Hashing or MD5
amit4g
Hi, how can one find that which encryption algorithm the system is using for keeping the user password in the /etc/passwd or /etc/shadow file. Is it 1: Hashing ( which considers only first 5 letters of password) 2: MD5 (Which allows arbitry length passwords) Thanks, ~amit... UNIX for Dummies Questions & Answers
0
UNIX for Dummies Questions & Answers

Featured Tech Videos