# lynis on FreeBSD-12.3p2 reports port password hashing methods



## byrnejb (Feb 15, 2022)

What is "password hashing method 51"? 

As for the rest I stumbled across the answers:

Q. What other methods are available?
A. 
	
	



```
passwd_format    string    sha512    The encryption format that new or
                                          changed passwords will use.  Valid
                                          values include "des", "md5", "blf",
                                          "sha256" and "sha512"
```

Q. Where is this set?  A. /etc/login.conf

Q. What man page discusses this setting? A. login.conf(5)


```
# lynis show details AUTH-9229
2022-02-15 14:30:01 Performing test ID AUTH-9229 (Check password hashing methods)
2022-02-15 14:30:01 Test: Checking password hashing methods
2022-02-15 14:30:01 Result: poor password hashing methods found: Unknown password hashing method 51:. Please report to lynis-dev@cisofy.com
2022-02-15 14:30:01 Suggestion: Check PAM configuration, add rounds if applicable and expire passwords to encrypt with new values [test:AUTH-9229] [details:-] [solution:-]
2022-02-15 14:30:01 Hardening: assigned partial number of hardening points (0 of 2). Currently having 0 points (out of 2)
2022-02-15 14:30:01 ====
```


----------



## sko (Feb 15, 2022)

byrnejb said:


> poor password hashing methods found: Unknown password hashing method 51


"I don't recognize the hashing method, so it must be bad" 
I don't know what lynis is, but from this statement alone I already wouldn't rank its credibility very high...

Regarding your question: FreeBSD defaults to SHA512 [1] and it can be changed in login.conf(5).

[1] https://docs.freebsd.org/en/books/handbook/security/#security-passwords


----------



## covacat (Feb 15, 2022)

looks like it uses a shell script for the test
you can debug it and see why it sucks


----------

