[arch-general] Upgrading password hashes
Mantas M.
grawity at gmail.com
Sat Jan 21 12:08:27 EST 2012
On Sat, Jan 21, 2012 at 08:06:04AM -0800, Don Juan wrote:
> On 01/21/2012 07:34 AM, Mantas M. wrote:
> >On Fri, Jan 20, 2012 at 11:04:12PM +0000, Kevin Chadwick wrote:
> >>Maybe I missed giving a piece of info. The default password is DES which
> >>is really crap and starts with $1 so simply enabling blowfish
> >DES is indeed crap, but it hasn't been the default for a long time.
> >The $1$ hashes are salted MD5, as crypt(3) can confirm.
> >
> Then if the default is that then why are default system users, such
> as http mail postfix and similar not displaying the $1$ on the
> shadow file?
Because they *do not have* passwords.
"x", "!" or "*" are invalid hash values, and they basically mean "password-based
logins are not permitted".
--
Mantas M.
More information about the arch-general
mailing list