RedHat moved to MD5 quite some time ago. I'm rather shocked SuSE hasn't.
I'd prefer md5 too. What about the upcoming 7.0 version though? Does that still use crypt or md5? Maybe someone from SuSE can inform us. Or should those of us that want more protection do it via PAM?
-Kurt Stefan
It's not that I want to justify that we don't use md5. I *think* (it's holiday time...) that md5 is in preparation, but don't pin me down on that now, please... Nevertheless: If an attacker has access to your encrypted passwords, you're in trouble anyway. There is a difference btw a 10th of a second and several days for cracking the passwords, but the result is basically the same, isn't it? Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -