Updates for Blowfish password hashing.

etc/login.conf

@@ -24,6 +24,7 @@ default:\
 	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
 	:path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin /usr/X11R6/bin ~/bin:\
 	:nologin=/var/run/nologin:\
+	:passwd_format=md5:\
 	:cputime=unlimited:\
 	:datasize=unlimited:\
 	:stacksize=unlimited:\

lib/libutil/login.conf.5

@@ -206,7 +206,7 @@ ensure octal interpretation.
 .It "minpasswordlen	number	6	The minimum length a local password may be.
 .It "passwd_format	string	md5	The encryption format that new or
 changed passwords will use.
-Valid values include "md5" and "des".
+Valid values include "des", "md5" and "blf".
 NIS clients using a
 .No non- Ns Fx
 NIS server should probably use "des".

usr.bin/passwd/local_passwd.c

@@ -100,7 +100,7 @@ getnewpasswd(pw, nis)
 #ifdef LOGIN_CAP
 	login_cap_t * lc;
 #endif
-	char buf[_PASSWORD_LEN+1], salt[10];
+	char buf[_PASSWORD_LEN+1], salt[32];
 	struct timeval tv;
 
 	if (!nis)
@@ -182,7 +182,11 @@ getnewpasswd(pw, nis)
 	to64(&salt[0], random(), 3);
 	to64(&salt[3], tv.tv_usec, 3);
 	to64(&salt[6], tv.tv_sec, 2);
-	salt[8] = '\0';
+	to64(&salt[8], random(), 5);
+	to64(&salt[13], random(), 5);
+	to64(&salt[17], random(), 5);
+	to64(&salt[22], random(), 5);
+	salt[27] = '\0';
 #endif
 	return (crypt(buf, salt));
 }