3 files changed, 8 insertions, 3 deletions

diff --git a/etc/login.conf b/etc/login.conf
index 74ded6f..6c1faa0 100644
--- a/etc/login.conf
+++ b/etc/login.conf
@@ -24,6 +24,7 @@ default:\
 	:setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
 	:path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin /usr/X11R6/bin ~/bin:\
 	:nologin=/var/run/nologin:\
+	:passwd_format=md5:\
 	:cputime=unlimited:\
 	:datasize=unlimited:\
 	:stacksize=unlimited:\
diff --git a/lib/libutil/login.conf.5 b/lib/libutil/login.conf.5
index b579bf5..5a5a1db 100644
--- a/lib/libutil/login.conf.5
+++ b/lib/libutil/login.conf.5
@@ -206,7 +206,7 @@ ensure octal interpretation.
 .It "minpasswordlen	number	6	The minimum length a local password may be.
 .It "passwd_format	string	md5	The encryption format that new or
 changed passwords will use.
-Valid values include "md5" and "des".
+Valid values include "des", "md5" and "blf".
 NIS clients using a
 .No non- Ns Fx
 NIS server should probably use "des".
diff --git a/usr.bin/passwd/local_passwd.c b/usr.bin/passwd/local_passwd.c
index ccf8bbb..ce2e46b 100644
--- a/usr.bin/passwd/local_passwd.c
+++ b/usr.bin/passwd/local_passwd.c
@@ -100,7 +100,7 @@ getnewpasswd(pw, nis)
 #ifdef LOGIN_CAP
 	login_cap_t * lc;
 #endif
-	char buf[_PASSWORD_LEN+1], salt[10];
+	char buf[_PASSWORD_LEN+1], salt[32];
 	struct timeval tv;
 
 	if (!nis)
@@ -182,7 +182,11 @@ getnewpasswd(pw, nis)
 	to64(&salt[0], random(), 3);
 	to64(&salt[3], tv.tv_usec, 3);
 	to64(&salt[6], tv.tv_sec, 2);
-	salt[8] = '\0';
+	to64(&salt[8], random(), 5);
+	to64(&salt[13], random(), 5);
+	to64(&salt[17], random(), 5);
+	to64(&salt[22], random(), 5);
+	salt[27] = '\0';
 #endif
 	return (crypt(buf, salt));
 }