[arch-general] Upgrading password hashes
Kevin Chadwick
ma1l1ists at yahoo.co.uk
Fri Jan 20 07:32:01 EST 2012
I know arch tries to keep to upstream but their seems some
discrepencies that you may or may not be aware of so thought I'd share.
The crypt man page says glibc may not support blowfish (stronger than
nists recommendation) and that seems true when used via the commandline
(very short output).
The arch wiki says you can use a library from AUR.
There is also a sha512 arch wiki which says you should edit
pamd.d/passwd from md5 to sha512 but the default seems to already be
sha512, maybe it tries both as some distros default is now sha512 so no
need anymore.
It seems if you simply edit /etc/default/passwd to blowfish and reset
your password, sha512 is used e.g. encrypted password beginning with $6
in /etc/shadow not $2 (blowfish) and logins work fine.
I guess the /etc/default/passwd config file may be futurised or the
config written before changing to SHA which was easier to
implement and the wiki is out of date with the code??
--
Kc
More information about the arch-general
mailing list