[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#283961: chpasswd ignores system MD5 configuration

Christian Perrier wrote:
> > > The chpasswd program ignores the system MD5 setting in /etc/pam.d/passwd
> > > (also tried MD5_CRYPT_ENAB in /etc/login.defs) and instead hashes all
> > > passwords with DES.  In the case of compromise of /etc/shadow, this
> > > greatly increases the ease with which attackers can crack back passwords.
> > > The system administrator thinks that they are using strong hashing until
> > > they closely examine /etc/shadow.
> > 
> > Please keep team@security.debian.org informed of the progress of this bug.
> Given the level of maintenance for the shadow package codebase, it
> would be better having some help in fixing this.

Last I spoke with the shadow developers at least one person was quite
responsive.  I'll drop you his mail address privately.



Everybody talks about it, but nobody does anything about it!  -- Mark Twain

Please always Cc to me when replying to me on the lists.

Reply to: