DragonFly currently still uses md5 as the default password hash for /etc/master.passwd. As md5 is considered cryptographically broken, it's about time we move on. This task will involve adding support and changing the default to using SHA2 (SHA256 and/or SHA512). SHA384 is currently not supported by libmd and is hence not usabe for this.

The steps to follow are:

1. add support for sha2 (256, 512?) to lib/libcrypt in two new files, crypt-sha256.c and crypt-sha512.c. This is relatively trivial and just needs to use the functions provided by libmd. It also involves adapting the Makefile to these changes.
2. modify the #define PASSWORD_HASH in lib/pam_module/pam_unix/pam_unix.c to the new hash to be used
3. modify the default passwd_format in etc/login.conf
4. Test it! An untested submission will not be accepted.

It is imperative that this task is handed in as a proper unified patch, either the output of git format-patch (preferred) or a manual diff -Nau. A test to see if buildworld still runs after the changes should also be performed. If any help is required, feel free to drop me a mail or ask on our IRC channel, #dragonflybsd on efnet.