md5 default (was Re: Security trough paranoia)
Matt Zimmerman wrote:
> In that case, the only reason not to use md5 passwords by default is if the
> system in question is a NIS _server_, not a client as has been implied before.
> I agree that md5 should be the default.
Ok, I think passwd should be updated to change it to the default
(base-config used to ask the question; passwd does now; and the default
is currently not to turn on md5). It looks like the consensus of this
thread is that enabling md5 passwords makes sense on all systems that
are not NIS servers; so the template should probably be changed to:
Description: Shall I enable md5 passwords?
Md5 passwords are more secure and allow for passwords longer than 8
characters to be used. However, they can cause compatibility problems if
used on NIS servers or if you are sharing password files with older systems.
see shy jo