changing password hashing to something other than md5 in /etc/shadow

Technomage-hawke technomage.hawke at gmail.com
Fri Aug 24 14:19:51 MST 2007


On Friday 24 August 2007 03:04, Technomage-hawke wrote:
> ok,
>
> * I've googled for it (no luck, but certainly lots of 'interesting' reading
> material)
>  * I've tried reading all the syste. documentation I can find
>
> * I've even tried hunting down the files to allow this.
>
> how do I hanged the hashing algorithm used in /etc/shadow?
> I need to use something other than MD5 or DES (was looking at whirlpool,
> AES, sha-5 or above).
>
> some suggestions please?
ok,
well, it looks like I am going to have to get hold of the pam source 
developers on this one. 
it should be easy to have pam do other forms of hashing (other than 
DES/MD5/SHA*/BLOWFISH) but there is very little documentation at (for some 
reason, not much development).

I hate to say this, but MD5 is pitifully weakand I know that DES is not only 
breakable, there are rainbow lists for every possible combination of hash for 
it. the SHA series has some problems of its own. personally, I'd rather have 
TIGER, WHIRLPOOL or AES in the hash but I don't see any way of doing that 
currently.

Thanks for your 'help' in any case guys.


More information about the PLUG-discuss mailing list