passwd.conf(5): switch default cipher for new user accounts to Argon2id

As well as offering a dynamic amount of iterations and memory usage, which fits well with NetBSD's goal of running on a diverse range of hardware devices, Argon2id offers improved resistance to GPU-based password cracking and side channel attacks.
2021-10-26 20:44:45 +00:00 · 2021-10-26 20:44:45 +00:00 · 0e837f732b
parent 3ce143e32b
commit 0e837f732b
2 changed files with 13 additions and 4 deletions
--- a/etc/passwd.conf
+++ b/etc/passwd.conf
@ -1,9 +1,9 @@
-#	$NetBSD: passwd.conf,v 1.3 2010/12/03 21:40:04 jmmv Exp $
+#	$NetBSD: passwd.conf,v 1.4 2021/10/26 20:44:45 nia Exp $
 #
 # passwd.conf(5) -
 #	password configuration file
 #

 default:
-	localcipher = sha1
+	localcipher = argon2id
 	ypcipher = old
--- a/share/man/man5/passwd.conf.5
+++ b/share/man/man5/passwd.conf.5
@ -1,4 +1,4 @@
-.\"	$NetBSD: passwd.conf.5,v 1.12 2021/10/12 11:08:14 nia Exp $
+.\"	$NetBSD: passwd.conf.5,v 1.13 2021/10/26 20:44:45 nia Exp $
 .\"
 .\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
 .\" All rights reserved.
@ -28,7 +28,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd October 12, 2021
+.Dd October 26, 2021
 .Dt PASSWD.CONF 5
 .Os
 .Sh NAME
@ -139,3 +139,12 @@ in
 .Pa /etc/passwd.conf
 starting from
 .Nx 6.0 .
+.Pp
+The default value of
+.Sy localcipher
+was set to
+.Dq argon2id 
+in
+.Pa /etc/passwd.conf
+starting from
+.Nx 10.0 .