On Wed, Aug 16, Roman Drahtmueller wrote:
RedHat moved to MD5 quite some time ago. I'm rather shocked SuSE hasn't.
I'd prefer md5 too. What about the upcoming 7.0 version though? Does that still use crypt or md5? Maybe someone from SuSE can inform us. Or should those of us that want more protection do it via PAM?
-Kurt Stefan
It's not that I want to justify that we don't use md5. I *think* (it's holiday time...) that md5 is in preparation, but don't pin me down on that now, please...
We have support for it since a long time. Read /usr/doc/packages/pam/README.md5 on SuSE Linux 6.4 or /usr/share/doc/packages/pam/README.md5 on SuSE Linux 7.0. Or look in your handbook. md5 is problematic, because a lot of Unix and services/protocols don't understand it. Only look at distributions which have md5 as default, how long take it until programs like yppasswd/rpc.yppasswdd for example where fixed and doesn't crash with a buffer overun ? (I know when I have fixed it ;) Thorsten -- Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@suse.de SuSE GmbH Schanzaeckerstr. 10 90443 Nuernberg Linux is like a Vorlon. It is incredibly powerful, gives terse, cryptic answers and has a lot of things going on in the background.