
Re: Bug#283961: chpasswd ignores system MD5 configuration



Christian Perrier wrote:
> > > The chpasswd program ignores the system MD5 setting in /etc/pam.d/passwd
> > > (also tried MD5_CRYPT_ENAB in /etc/login.defs) and instead hashes all
> > > passwords with DES.  In the case of compromise of /etc/shadow, this
> > > greatly increases the ease with which attackers can crack back passwords.
> > > The system administrator thinks that they are using strong hashing until
> > > they closely examine /etc/shadow.
> > 
> > Please keep team@security.debian.org informed of the progress of this bug.
> 
> 
> Given the level of maintenance for the shadow package codebase, it
> would be better having some help in fixing this.

Last I spoke with the shadow developers at least one person was quite
responsive.  I'll drop you his mail address privately.

Regards,

	Joey

-- 
Everybody talks about it, but nobody does anything about it!  -- Mark Twain

Please always Cc to me when replying to me on the lists.
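
Added example, not part of the original message or of the shadow package: a small audit of shadow(5)-format entries that reports accounts whose stored hash is traditional DES when MD5 is expected, which is the condition the quoted report says only shows up on close examination of /etc/shadow. The function names and the sample entries are assumptions made for illustration; the hash strings are constructed, and the field patterns follow the usual crypt(3) conventions (13 characters for DES, a `$1$` prefix for MD5).

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars, no "$id$" prefix.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# MD5-crypt: "$1$", a salt of up to 8 chars, "$", then 22 hash chars.
MD5_RE = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

# Constructed sample in shadow(5) layout; the hash strings are made up.
SAMPLE_SHADOW = """\
root:$1$Xy3kPq9a$AbCdEfGhIjKlMnOpQrStU.:12700:0:99999:7:::
daemon:*:12700:0:99999:7:::
alice:ab01FGhij2KLm:12750:0:99999:7:::
bob:!cd9ZyXwVuTsRq:12750:0:99999:7:::
carol:$1$Qw8eRt2u$ZyXwVuTsRqPoNmLkJiHgF/:12751:0:99999:7:::
"""


def classify(field):
    """Name the scheme used in the password field of one shadow entry."""
    body = field.lstrip("!")  # a leading "!" only marks the entry as locked
    if body in ("", "*"):
        return "none"  # empty, locked or disabled: no hash stored
    if DES_RE.match(body):
        return "des"
    if MD5_RE.match(body):
        return "md5"
    return "other"


def audit(shadow_text, expected="md5"):
    """Return (user, scheme) for every stored hash that is not `expected`."""
    findings = []
    for line in shadow_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 2 or not parts[0]:
            continue
        scheme = classify(parts[1])
        if scheme not in (expected, "none"):
            findings.append((parts[0], scheme))
    return findings


if __name__ == "__main__":
    for user, scheme in audit(SAMPLE_SHADOW):
        print(f"{user}: stored as {scheme}, expected md5")
```

A locked entry such as `bob` is still reported, because the hash behind the `!` remains in the file.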


