[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: MD5 passwords

On Sun, Apr 25, 1999 at 02:44:38PM -0400, Ben Pfaff wrote:
> Stephen Crowley <crow@debian.org> writes:
> 
>    > Why?  Is there an advantage to MD5 passwords?  (If this is a FAQ
>    > please just point me to the appropriate FM to RT.)
> 
>    I guess the question would be, why not? It allows unlimited password length
>    and is much harder to crack if someone does happen to get ahold of
>    /etc/shadow. 
> 
> Do all system utilities support MD5 passwords?  Do they introduce
> incompatibilities with other OSes?

I'm not positive but I think all the system utils do support it. But it is
incompatible with older *nixes, I think it should tell the user about this
and then let them decide to enable it or not. I think I heard somewhere that
freebsd has this on by default now.

> I think that this should be brought up on debian-policy or
> debian-devel as well: if we don't currently use MD5 passwords by
> default, there may be a reason.
> 
> Also, it's not possible to convert passwords between MD5 and standard
> crypt(), so it's not just a matter of doing something analogous to
> `shadowconfig on'/`shadowconfig off' like we have for shadow
> passwords.

Yes, that would be a concern.

-- 
Stephen Crowley
Debian GNU/Linux - http://www.debian.org
Reply to: