lynis on FreeBSD-12.3p2 reports port password hashing methods

[byrnejb]

What is "password hashing method 51"?

As for the rest I stumbled across the answers:

Q. What other methods are available?
A.

passwd_format    string    sha512    The encryption format that new or
                                          changed passwords will use.  Valid
                                          values include "des", "md5", "blf",
                                          "sha256" and "sha512"

Q. Where is this set? A. /etc/login.conf

Q. What man page discusses this setting? A. login.conf(5)

# lynis show details AUTH-9229
2022-02-15 14:30:01 Performing test ID AUTH-9229 (Check password hashing methods)
2022-02-15 14:30:01 Test: Checking password hashing methods
2022-02-15 14:30:01 Result: poor password hashing methods found: Unknown password hashing method 51:. Please report to lynis-dev@cisofy.com
2022-02-15 14:30:01 Suggestion: Check PAM configuration, add rounds if applicable and expire passwords to encrypt with new values [test:AUTH-9229] [details:-] [solution:-]
2022-02-15 14:30:01 Hardening: assigned partial number of hardening points (0 of 2). Currently having 0 points (out of 2)
2022-02-15 14:30:01 ====

 

[sko]

poor password hashing methods found: Unknown password hashing method 51

"I don't recognize the hashing method, so it must be bad"
I don't know what lynis is, but from this statement alone I already wouldn't rank its credibility very high...

Regarding your question: FreeBSD defaults to SHA512 [1] and it can be changed in login.conf(5).

[1] https://docs.freebsd.org/en/books/handbook/security/#security-passwords

 

[covacat]

looks like it uses a shell script for the test
you can debug it and see why it sucks