[New: openFATE 308966] Change default passwd hash algorithm to sha512
Feature added by: Stephan Kleine (bitshuffler) Feature #308966, revision 1 Title: Change default passwd hash algorithm to sha512 openSUSE-11.3: Unconfirmed Priority Requester: Important Requested by: Stephan Kleine (bitshuffler) Partner organization: openSUSE.org Description: Change the default hashing algorithm that gets used by passwd and friends to something more secure than md5 in /etc/default/passwd (preferable sha512). Also please do this ASAP since we are early enough in the development cycle so any unexpected side effects get discovered and fixed before release. Business case (Partner benefit): openSUSE.org: The reason behind this change is that nowadays md5 simply isn't secure anymore. -- openSUSE Feature: https://features.opensuse.org/308966
Feature changed by: Stephan Kulow (coolo) Feature #308966, revision 2 Title: Change default passwd hash algorithm to sha512 - openSUSE-11.3: Unconfirmed + openSUSE-11.3: Rejected by (coolo) + reject date: 2010-02-09 15:10:16 + reject reason: too dangerous to break Priority Requester: Important Requested by: Stephan Kleine (bitshuffler) Partner organization: openSUSE.org Description: Change the default hashing algorithm that gets used by passwd and friends to something more secure than md5 in /etc/default/passwd (preferable sha512). Also please do this ASAP since we are early enough in the development cycle so any unexpected side effects get discovered and fixed before release. Business case (Partner benefit): openSUSE.org: The reason behind this change is that nowadays md5 simply isn't secure anymore. + Discussion: + #1: Stephan Kulow (coolo) (2010-02-09 15:13:08) + I'm not sure you understand where the md5 is used. md5 is simply the + fallback for external services and I'm not sure you can guarantee all + external password directories support sha512 -- openSUSE Feature: https://features.opensuse.org/308966
Feature changed by: Jan Engelhardt (jengelh) Feature #308966, revision 4 Title: Change default passwd hash algorithm to sha512 openSUSE-11.3: Rejected by (coolo) reject date: 2010-02-09 15:10:16 reject reason: too dangerous to break Priority Requester: Important Requested by: Stephan Kleine (bitshuffler) Partner organization: openSUSE.org Description: Change the default hashing algorithm that gets used by passwd and friends to something more secure than md5 in /etc/default/passwd (preferable sha512). Also please do this ASAP since we are early enough in the development cycle so any unexpected side effects get discovered and fixed before release. Business case (Partner benefit): openSUSE.org: The reason behind this change is that nowadays md5 simply isn't secure anymore. Discussion: #1: Stephan Kulow (coolo) (2010-02-09 15:13:08) I'm not sure you understand where the md5 is used. md5 is simply the fallback for external services and I'm not sure you can guarantee all external password directories support sha512 + #2: Jan Engelhardt (jengelh) (2010-02-14 21:05:10) (reply to #1) + The current default is Blowfish, and that is rather incompatible to + other Linux distros, given that upstream Glibc does not have BF, but it + does have SHA. -- openSUSE Feature: https://features.opensuse.org/308966
participants (1)
-
fate_noreply@suse.de