changing password hashing to something other than md5 in /etc/shadow
Technomage-hawke
technomage.hawke at gmail.com
Fri Aug 24 14:19:51 MST 2007
On Friday 24 August 2007 03:04, Technomage-hawke wrote:
> ok,
>
> * I've googled for it (no luck, but certainly lots of 'interesting' reading
> material)
> * I've tried reading all the syste. documentation I can find
>
> * I've even tried hunting down the files to allow this.
>
> how do I hanged the hashing algorithm used in /etc/shadow?
> I need to use something other than MD5 or DES (was looking at whirlpool,
> AES, sha-5 or above).
>
> some suggestions please?
ok,
well, it looks like I am going to have to get hold of the pam source
developers on this one.
it should be easy to have pam do other forms of hashing (other than
DES/MD5/SHA*/BLOWFISH) but there is very little documentation at (for some
reason, not much development).
I hate to say this, but MD5 is pitifully weakand I know that DES is not only
breakable, there are rainbow lists for every possible combination of hash for
it. the SHA series has some problems of its own. personally, I'd rather have
TIGER, WHIRLPOOL or AES in the hash but I don't see any way of doing that
currently.
Thanks for your 'help' in any case guys.
More information about the PLUG-discuss
mailing list