Re: Porting OpenBSD eksblowfish to PAM (was Re: md5 default)
On 7 Apr 2001, Tommi Virtanen wrote:
> Ethan Benson <firstname.lastname@example.org> writes:
> > > OpenBSD and FreeBSD, at least, already support Blowfish hashes for
> > > passwd entries with "$2" as the password type, so this would be the
> > > one to go with for something more secure.
> > no kidding, try running john on the 3 different types, with old style
> > crypt it can get around 64000 hashes per second, md5 is down to 1400,
> > OpenBSD blowfish about 30. (on a 400ish Mhz machine)
> > it even takes several minutes to break a hideously lame password
> > hashed in blowfish compared to the near instant results under md5.
> > you can also raise the number of rounds used under OpenBSD, by default
> > root has a few more rounds then ordinary users which makes brute force
> > attacks even slower still.
> I have long pondered porting the OpenBSD eksblowfish
> password hashing over to PAM, but have never had the
> time. Any takers?
Patches to pam_unix that did this would no doubt be welcomed by the upstream.
:) Both glibc and pam_unix have support for md5 passwords; does glibc also
have support for SHA-1 or Blowfish now?