On Sat, 21 Jan 2012 17:50:13 +0100 Tobias Frilling wrote:
The CRYPT setting from /etc/default/passwd is only used if pam is not enabled. If it is enabled, the used configs are in /etc/pam.d (e.g. passwd, login etc.) which default nowadays to sha512.
Confirmed, /etc/default/passwd does not enable sha512. It's probably a good idea and the easiest way to get SHA512 for people to reset their password *AFTER* installing PAM. Might be worth adding to the SHA512 wiki that PAM users can just do that. Now to see if PAM supports blowfish without adding the library from AUR?, I very much doubt it! OpenBSDs bcrypt with configurable rounds is awesome by the way and far more secure, yet wouldn't pass PCI compliance, how dumb some of these certifications are.