In this example, the identifier for the Blowfish algorithm, 2a, is specified as the value for the CRYPT_DEFAULT variable. The policy.conf entries that control password encryption would look like the following:
CRYPT_ALGORITHMS_ALLOW=1,2a,md5 #CRYPT_ALGORITHMS_DEPRECATE=__unix__ CRYPT_DEFAULT=2a |
This configuration is compatible with BSD systems that use the Blowfish algorithm.