Re: /etc/shadow password hash format (migration from SuSE 9.3 to Debian Wheezy)

["Andreas Meile" <mailingliste@andreas-meile.ch>]

Hello Chris

----- Original Message ----- 
From: "Chris Davies" <chris@roaima.co.uk>
To: <debian-user@lists.debian.org>
Sent: Monday, May 27, 2013 2:54 PM
Subject: Re: /etc/shadow password hash format (migration from SuSE 9.3 to 
Debian Wheezy)


> man 3 crypt contains a NOTES section that identifies the ID and describes
> its format. Specifically, $6$salt$encrypted is SHA-512.

Thanks for the hint. Already done:

>              ID  | Method
>              ---------------------------------------------------------
>              1   | MD5
>              2a  | Blowfish (not in mainline glibc; added in some
>                  | Linux distributions)
>              5   | SHA-256 (since glibc 2.7)
>              6   | SHA-512 (since glibc 2.7)

So this lights out the situation: While SuSE 9.3 used Blowfish as extended 
password encryption method, Debian Wheezy uses SHA-512 for that. A short 
view inside older Linux boxes: Squeeze also uses SHA-512, and Lenny uses MD5 
according this table.

A "apt-cache search blowfish" shows me a lot of Blowfish related packages. 
So is there one on it which extends the login authentication routine also to 
process Blowfish hashes in /etc/shadow or is that a much more complicate 
procedure (compiling a new kernel for example)?

            Andreas
--
Teste die PC-Sicherheit mit www.sec-check.net