[arch-general] Upgrading password hashes
Sorin-Mihai Vârgolici
smv at ceata.org
Mon Jan 23 20:01:09 EST 2012
În data de Lu, 23-01-2012 la 18:08 -0600, C Anthony Risinger a scris:
> login.defs is provided by the `shadow` package, not `pam`, and details
> these options:
>
> ENCRYPT_METHOD, SHA_CRYPT_MIN_ROUNDS, SHA_CRYPT_MAX_ROUNDS
These options aren't in the Archlinux version of the login.defs file,
like I said in my previous message. No ideea why.
> ... but it's not clear that the `shadow` option to pam_unix.so honors
> these values, only that pam_unix.so will "Try to maintain a shadow
> based system", which sounds more like a compatibility statement.
I wonder, is there anyone still not using pam?
> ... i can't find any literature suggesting sha512 decreases your
> security, and no reason to bother switching. both are good solutions.
It might be because of the FUD that OpenBSD is the only secure OS, which
isn't the case; I think they still don't provide full disk encryption,
of any kind.
Yeah, kinda off-topic, I know.
--
<>< Sorin-Mihai Vârgolici
Proud member of Ceata (http://ceata.org/)
Arcada developer (https://arcadaproject.org/)
More information about the arch-general
mailing list