[arch-general] Upgrading password hashes

Kevin Chadwick ma1l1ists at yahoo.co.uk
Mon Jan 23 06:59:34 EST 2012


On Sat, 21 Jan 2012 17:50:13 +0100
Tobias Frilling wrote:

> The CRYPT setting from /etc/default/passwd is only used if pam is not
> enabled. If it is enabled, the used configs are in /etc/pam.d (e.g.
> passwd, login etc.) which default nowadays to sha512.


Confirmed, /etc/default/passwd does not enable sha512. It's
probably a good idea and the easiest way to get SHA512 for people to
reset their password *AFTER* installing PAM. Might be worth adding to
the SHA512 wiki that PAM users can just do that.

Now to see if PAM supports blowfish without adding the library from
AUR? I very much doubt it!


OpenBSD's bcrypt with configurable rounds is awesome by the way and far
more secure, yet wouldn't pass PCI compliance, how dumb some of these
certifications are.
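
Added example, not part of the original post: since an existing hash is only replaced when the password is set again, this sketch reads shadow-format lines and lists the accounts whose hash is not yet SHA512. The function names, the `accepted` parameter and the sample entries are assumptions made for illustration; the hash strings are constructed placeholders.

```python
import re

# crypt(3) hash identifiers as they appear in the second field of /etc/shadow.
SCHEMES = {"1": "md5", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256", "6": "sha512"}

def classify(field):
    """Name the hashing scheme of one shadow password field."""
    if field == "":
        return "empty"
    if field[0] in "!*":
        return "locked"            # no usable password, nothing to upgrade
    m = re.match(r"\$([0-9a-z]+)\$", field)
    if m:
        return SCHEMES.get(m.group(1), "unknown")
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return "des"               # traditional crypt has no $id$ prefix
    return "unknown"

def needs_reset(shadow_text, accepted=("sha512",)):
    """Return (user, scheme) for accounts whose hash is not in `accepted`."""
    stale = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2:
            continue
        scheme = classify(parts[1])
        if scheme not in accepted and scheme != "locked":
            stale.append((parts[0], scheme))
    return stale

# Constructed sample; the hash strings are placeholders, not real hashes.
SAMPLE = """\
alice:$6$c0nstructed$placeholderhash:15362:0:99999:7:::
bob:$1$c0nstructed$placeholderhash:15001:0:99999:7:::
carol:abCDEFGHIJKLM:14200:0:99999:7:::
daemon:*:15000:0:99999:7:::
dave:$2a$08$placeholderbcrypthash:15362:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme in needs_reset(SAMPLE):
        print(f"{user}: {scheme} hash, reset the password to re-hash it")
```

Pass `accepted=("sha512", "bcrypt")` to treat bcrypt entries as already upgraded.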

