Re: MD5 passwords
On Sun, Apr 25, 1999 at 02:44:38PM -0400, Ben Pfaff wrote:
> Stephen Crowley <crow@debian.org> writes:
>
> > Why? Is there an advantage to MD5 passwords? (If this is a FAQ
> > please just point me to the appropriate FM to RT.)
>
> I guess the question would be, why not? It allows unlimited password length
> and is much harder to crack if someone does happen to get ahold of
> /etc/shadow.
>
> Do all system utilities support MD5 passwords? Do they introduce
> incompatibilities with other OSes?
I'm not positive but I think all the system utils do support it. But it is
incompatible with older *nixes, I think it should tell the user about this
and then let them decide to enable it or not. I think I heard somewhere that
freebsd has this on by default now.
> I think that this should be brought up on debian-policy or
> debian-devel as well: if we don't currently use MD5 passwords by
> default, there may be a reason.
>
> Also, it's not possible to convert passwords between MD5 and standard
> crypt(), so it's not just a matter of doing something analogous to
> `shadowconfig on'/`shadowconfig off' like we have for shadow
> passwords.
Yes, that would be a concern.
--
Stephen Crowley
Debian GNU/Linux - http://www.debian.org
Reply to: