hi,

From: "Christian Röpke" [mailto:christian.roepke@directbox.com]
Hello @all,
after my installation of suse linux 8.0 yast2 asks me whether i encrypt my passwords with DES or MD5.
i think, both of these algorithms are not secure !!!
DES is not secure, though it's still widely used (3des and some other derivatives)
1. DES is an encryption algorithm that is cracked by NSA (ca. 1990) (also by other secret services) and by the electronic frontier foundation (1999). this algorithm is NOT secret today (des-cracker : about 100.000 dollars)
the algorithm should never be the [only] secret.
2. MD5 is a hash-function, so you can't encrypt any passwords with this algorithm.
no, but you don't have to store the password. whenever you type your password the md5-sums will be compared, so if you don't know the secret, you'll stay locked out. and there is no mathematical function to deduce the password from the sum.
question : where is the password security by suse linux ???
these algorithms are not suse-specific, it's state of the art in unix. /etc/passwd is a very old file and its structure did not change [much] since the 70s. nowadays passwords are [should be] shadowed, in order to prevent users from reading the encrypted strings and deciphering them. if that's still not the security you want, feel free to implement whatever pam-authentication you want.

regards,
stefan
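The DES and MD5 choice discussed in this thread shows up as differently formatted hash fields in /etc/shadow. As an added example (not part of the original messages), this Python script classifies each entry by its crypt(3) prefix and flags DES and MD5 entries as legacy; the sample lines and hash values are constructed, and the newer schemes in the table go beyond what the thread mentions.

```python
import re

# crypt(3) prefixes seen in the hash field of /etc/shadow: (scheme, legacy?)
PREFIXES = {
    "$1$": ("md5-crypt", True),
    "$2a$": ("bcrypt", False),
    "$2b$": ("bcrypt", False),
    "$2y$": ("bcrypt", False),
    "$5$": ("sha256-crypt", False),
    "$6$": ("sha512-crypt", False),
    "$y$": ("yescrypt", False),
}
# Traditional DES crypt has no prefix: 2 salt chars + 11 hash chars.
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")

def classify(field):
    """Return (scheme, flag) for one shadow hash field."""
    if field == "":
        return ("empty", True)          # account with no password set
    if field[0] in "!*":
        return ("locked", False)        # password login disabled
    for prefix, result in PREFIXES.items():
        if field.startswith(prefix):
            return result
    if DES_RE.fullmatch(field):
        return ("des-crypt", True)
    return ("unknown", True)            # flag for manual review

def audit(shadow_text):
    """Return [(user, scheme)] for every flagged entry."""
    findings = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue
        scheme, flag = classify(parts[1])
        if flag:
            findings.append((parts[0], scheme))
    return findings

# Constructed sample: the hash values are placeholders, not real hashes.
SAMPLE = """\
root:$6$constructed$notarealhash:19000:0:99999:7:::
alice:$1$constructed$notarealhash:11800:0:99999:7:::
bob:abCDEFGHIJKLM:11800:0:99999:7:::
daemon:*:11800:0:99999:7:::
carol:!$1$constructed$notarealhash:11800:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE):
        print(f"{user}: {scheme}")
```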