Questions about encrypt local passwords


aleunix
06-02-2008, 08:38 AM
Questions about encrypt local passwords

I would like to know which encryption method is used by 'auto'.

Encrypt local passwords using method of encryption as described in login.conf(5).
If method is ``auto'', the encryption type will be derived from the user's login class.

man 5 login.conf
Default allowed authentication styles:
auth-defaults:auth=password,skey

Does this mean that by default local passwords are stored using the system's S/Key?

Which algorithm is used by the system S/Key, MD4 or MD5?

Note:
For the moment I am using qemu to get comfortable with OpenBSD.

jggimi
06-02-2008, 12:23 PM
From login.conf(5):

     localcipher   string   blowfish,6   The cipher to use for local passwords.
                                         Possible values are: ``old'',
                                         ``newsalt,<rounds>'', ``md5'', and
                                         ``blowfish,<rounds>'' where ``old''
                                         means classic 56-bit DES.  For
                                         ``newsalt'' the value of rounds is a
                                         24-bit integer with a minimum of 7250
                                         rounds.  For ``blowfish'' the value can
                                         be between 4 and 31.  It specifies the
                                         base 2 logarithm of the number of
                                         rounds.

The default installation /etc/login.conf file is set so that the default local cipher is "blowfish,6". The daemon class local cipher is set to "blowfish,8".

S/Key is a one-time-passphrase authentication system. For more information, see the man pages: skey(1), skeyinit(1), skeyinfo(1), skey(5), skeyaudit(1), skeyprune(1).

I have skey set up on one of my servers for ssh access from public-access computers. The one-time-passwords are useful in situations where public key encryption cannot be used. (Keyboard capture applications will not be able to take advantage of one-time-passphrases, but they could certainly acquire other information if the user is not careful on such computers.)

aleunix
06-02-2008, 01:07 PM
Thanks for the clarification. :)

But i have another question:

> The default installation /etc/login.conf file is set so that the default local cipher is "blowfish,6". The daemon class local cipher is set to "blowfish,8".

Why the difference from 6 to 8?
In essence, by default, is a more robust encryption assigned in the case of daemons, and a slightly weaker one for user passwords?

jggimi
06-02-2008, 02:10 PM
The daemon class is used by /etc/rc and root.

I do not know the reason for the different number of rounds, I could only guess it is for performance. You're welcome to change ciphers, or change the number of rounds, as you wish. The encrypted passwords are stored in /etc/master.passwd which requires root access. (If root is compromised, passwords won't matter anyway.)

There was a thread in the misc@ archives from December 2005, about the blowfish cipher and its use. The thread also discusses other cipher technologies, including MD5.

It starts here:

http://marc.info/?l=openbsd-misc&m=113588769128789&w=2
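The login.conf(5) lookup that the two replies above describe (a class inherits whatever it does not set itself through tc=, and the number after blowfish is the base 2 logarithm of the round count) can be checked mechanically. The following is an added example and is not code from the thread or from OpenBSD itself; the login.conf text and the class names in it are constructed for illustration, and the parser handles only the colon-separated, backslash-continued capability syntax that the man-page excerpt relies on, not every termcap escape.

```python
"""Resolve the localcipher of each login class in an OpenBSD-style login.conf
and report the password-hash work factor each class ends up with."""

# Constructed sample (not copied from a real system): default uses blowfish,6
# and daemon overrides it with blowfish,8, as described in the thread; staff
# inherits from default via tc=, and legacy is deliberately set to classic DES.
SAMPLE_LOGIN_CONF = """\
# classes are colon-separated capability records; a backslash continues a line
default:\\
\t:path=/usr/bin /bin /usr/sbin /sbin:\\
\t:localcipher=blowfish,6:\\
\t:umask=022:

daemon:\\
\t:localcipher=blowfish,8:\\
\t:tc=default:

staff:\\
\t:tc=default:

legacy:\\
\t:localcipher=old:\\
\t:tc=default:
"""


def _logical_records(text):
    """Join backslash-continued lines into one record per class, dropping the
    blank lines and # comments that sit between records."""
    records, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            buf += line[:-1].strip()
            continue
        records.append(buf + line)
        buf = ""
    if buf:
        records.append(buf)
    return records


def parse_login_conf(text):
    """Map each class name (and each | alias) to the capabilities it sets
    itself; inheritance through tc= is resolved later by resolve_cap()."""
    classes = {}
    for record in _logical_records(text):
        fields = [f for f in record.split(":") if f]
        if not fields:
            continue
        caps = {}
        for field in fields[1:]:
            key, has_value, value = field.partition("=")
            caps[key.strip()] = value.strip() if has_value else True
        for name in fields[0].split("|"):
            classes[name.strip()] = caps
    return classes


def resolve_cap(classes, class_name, cap):
    """Return cap for class_name, following the tc= chain; a cycle or an
    unknown class yields None."""
    seen, name = set(), class_name
    while name in classes and name not in seen:
        seen.add(name)
        caps = classes[name]
        if cap in caps:
            return caps[cap]
        name = caps.get("tc")
    return None


def describe_cipher(spec):
    """Interpret a localcipher value using the ranges login.conf(5) gives."""
    scheme, _, arg = spec.partition(",")
    info = {"scheme": scheme, "rounds": None, "weak": False, "note": ""}
    if scheme == "blowfish":
        cost = int(arg)
        if not 4 <= cost <= 31:
            raise ValueError("blowfish log2 rounds must be 4..31: " + spec)
        info.update(rounds=2 ** cost, note="bcrypt cost %d" % cost)
    elif scheme == "newsalt":
        rounds = int(arg)
        if not 7250 <= rounds < 2 ** 24:
            raise ValueError("newsalt rounds must be a 24-bit value >= 7250: " + spec)
        info.update(rounds=rounds, note="newsalt: %d rounds" % rounds)
    elif scheme == "md5":
        info.update(weak=True, note="md5crypt: fixed work factor, not tunable")
    elif scheme == "old":
        info.update(weak=True, note="classic DES crypt: 56-bit key, "
                    "only the first 8 password characters are used")
    else:
        raise ValueError("unknown localcipher: " + spec)
    return info


def work_factors(text):
    """Per-class summary: {class: describe_cipher(...), or None if unset}."""
    classes = parse_login_conf(text)
    result = {}
    for name in classes:
        spec = resolve_cap(classes, name, "localcipher")
        result[name] = describe_cipher(spec) if isinstance(spec, str) else None
    return result


if __name__ == "__main__":
    for name, info in work_factors(SAMPLE_LOGIN_CONF).items():
        if info is None:
            print("%-8s localcipher not set in this class or its tc= chain" % name)
        else:
            flag = "  <-- weak" if info["weak"] else ""
            print("%-8s %-9s rounds=%-6s %s%s" % (
                name, info["scheme"], info["rounds"], info["note"], flag))
```

Running it shows the point behind the 6-versus-8 question: blowfish,8 performs 256 rounds of bcrypt's expensive key setup per guess against 64 for blowfish,6, so the daemon class costs an attacker four times the work per candidate password. It also surfaces the caveat to long-password advice: a class that resolves to ``old'' hashes with classic DES crypt, which uses only the first eight characters, so the extra length buys nothing there.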

BSDfan666
06-02-2008, 03:07 PM
According to Wikipedia, blowfish is considerably resource intensive.. which makes brute force attacks especially hard.

I trust the OpenBSD developers have done us justice.. still, pick a long alpha-numeric password.. 20/30 characters in length if your memorization skills are well honed.