I was just wondering why SuSE defaults to using "plain old" DES encryption for passwords, instead of MD5, like most other distros. I'm not a crypto guy. I've been meaning to get _Applied Cryptography_ for awhile now, but I still haven't, so I don't know the difference. I just like using a 10-place password for root. A quick Google search doesn't turn up anything on this. Does anyone know why this is the situation? Does anyone know why I should or shouldn't care? Thanks, dk
On Tue, Jun 03, 2003 at 10:15:53AM -0500, David Krider wrote:
: I was just wondering why SuSE defaults to using "plain old" DES
: encryption for passwords, instead of MD5, like most other distros. I'm
: not a crypto guy. I've been meaning to get _Applied Cryptography_ for
: awhile now, but I still haven't, so I don't know the difference. I just
: like using a 10-place password for root. A quick Google search doesn't
: turn up anything on this. Does anyone know why this is the situation?
: Does anyone know why I should or shouldn't care?

Maybe to be consistent with commercial UNIXs that don't have MD5. This should also give you the ability to cut-and-paste password/shadow entries from say a Solaris box and vice versa.

--Jerry
--
Open-Source software isn't a matter of life or death...
...It's much more important than that!
On Tue, Jun 03, 2003 at 10:15:53AM -0500, David Krider wrote:
: I was just wondering why SuSE defaults to using "plain old" DES
: encryption for passwords, instead of MD5, like most other distros. I'm
: not a crypto guy. I've been meaning to get _Applied Cryptography_ for
: awhile now, but I still haven't, so I don't know the difference. I just
: like using a 10-place password for root. A quick Google search doesn't
: turn up anything on this. Does anyone know why this is the situation?
: Does anyone know why I should or shouldn't care?
Maybe to be consistent with commercial UNIXs that don't have MD5. This should also give you the ability to cut-and-paste password/shadow entries from say a Solaris box and vice versa.
--Jerry
So.. There isn't any way to have a >8 character password on Suse? This caught me by surprise during the installation as well...
On Tue, Jun 03, 2003 at 11:33:30AM -0400, tallison@tacocat.net wrote:
: > On Tue, Jun 03, 2003 at 10:15:53AM -0500, David Krider wrote:
: > : I was just wondering why SuSE defaults to using "plain old" DES
: > : encryption for passwords, instead of MD5, like most other distros. I'm
: > : not a crypto guy. I've been meaning to get _Applied Cryptography_ for
: > : awhile now, but I still haven't, so I don't know the difference. I just
: > : like using a 10-place password for root. A quick Google search doesn't
: > : turn up anything on this. Does anyone know why this is the situation?
: > : Does anyone know why I should or shouldn't care?
: >
: > Maybe to be consistent with commercial UNIXs that don't have MD5.
: > This should also give you the ability to cut-and-paste password/shadow
: > entries from say a Solaris box and vice versa.
:
: So.. There isn't anyway to have a >8 character password on Suse?

Use MD5 or Blowfish. Edit /etc/pam/{pam_pwcheck,pam_unix2}.conf and change the default to use one of the aforementioned.

--Jerry
--
Open-Source software isn't a matter of life or death...
...It's much more important than that!
On Tue, 2003-06-03 at 11:44, Jerry A! wrote:
On Tue, Jun 03, 2003 at 11:33:30AM -0400, tallison@tacocat.net wrote:
: > On Tue, Jun 03, 2003 at 10:15:53AM -0500, David Krider wrote:
: > : I was just wondering why SuSE defaults to using "plain old" DES
: > : encryption for passwords, instead of MD5, like most other distros. I'm
: > : not a crypto guy. I've been meaning to get _Applied Cryptography_ for
: > : awhile now, but I still haven't, so I don't know the difference. I just
: > : like using a 10-place password for root. A quick Google search doesn't
: > : turn up anything on this. Does anyone know why this is the situation?
: > : Does anyone know why I should or shouldn't care?
: >
: > Maybe to be consistent with commercial UNIXs that don't have MD5.
: > This should also give you the ability to cut-and-paste password/shadow
: > entries from say a Solaris box and vice versa.
:
: So.. There isn't anyway to have a >8 character password on Suse?
Yes there is via YaST. The setting is under the security settings area. Just look around a little, you can't kill the box by "looking" at the current settings. Ken
Jerry A! <jerry@thehutt.org> [Tue, 3 Jun 2003 11:44:32 -0400]:
Use MD5 or Blowfish. Edit /etc/pam/{pam_pwcheck,pam_unix2}.conf and change the default to use one of the aforementioned.
But only do this in a pure Linux environment and you may stumble across applications which can only handle 8-char passwords.

Philipp
On Tue, 2003-06-03 at 10:23, Jerry A! wrote:
Maybe to be consistent with commercial UNIXs that don't have MD5. This should also give you the ability to cut-and-paste password/shadow entries from say a Solaris box and vice versa.
Hmm... Perhaps this would aid in using SuSE in standard NIS domains? We haven't tried that here yet, but it's coming. We will be using Pink Helmet for the new domain, though, so maybe I would have needed to change anyway. I'll have to experiment with this. Thanks, dk
On Tue, Jun 03, David Krider wrote:
I was just wondering why SuSE defaults to using "plain old" DES encryption for passwords, instead of MD5, like most other distros. I'm
Because there are many more systems in the world than Linux which do not understand MD5 or blowfish encrypted passwords. There are also some protocols which do not work with passwords longer than 8 characters (for example SecureRPC needed for NIS+). And at least, there are still some applications which crash with MD5 passwords (but I saw the last one about one year ago).

Thorsten
--
Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@suse.de
SuSE Linux AG Deutschherrnstr. 15-19 D-90429 Nuernberg
--------------------------------------------------------------------
Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B
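Added example, not part of the original thread or of any SuSE tool: a small auditor that reads shadow-style lines and reports which of the three schemes named above (DES, MD5, Blowfish) each account uses, flagging DES entries because traditional DES crypt() only uses the first 8 characters of a password. The sample lines, account names and hash strings are constructed placeholders with the right shape, not real hashes.

```python
import re

B64 = r"[./0-9A-Za-z]"  # alphabet used by crypt(3) hash strings

# Shapes of the password field (field 2 of a shadow line) for each scheme.
SCHEMES = [
    ("des", re.compile(rf"^{B64}{{13}}$")),                    # 2-char salt + 11-char hash
    ("md5", re.compile(rf"^\$1\${B64}{{1,8}}\${B64}{{22}}$")),   # $1$salt$hash
    ("blowfish", re.compile(rf"^\$2[abxy]?\$\d{{2}}\${B64}{{53}}$")),  # $2a$cost$salt+hash
]

# Constructed sample input (placeholder hashes, hypothetical accounts).
SAMPLE_SHADOW = """\
root:ab1Cd2Ef3Gh4I:12206:0:99999:7:::
dk:$1$Xy8zQw1e$abcdefghijklmnopqrstu.:12206:0:99999:7:::
ken:$2a$05$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234:12206:0:99999:7:::
daemon:*:12206:0:99999:7:::
nobody:!:12206:0:99999:7:::
guest::12206:0:99999:7:::
odd:$9$whatever:12206:0:99999:7:::
"""

def classify(field):
    """Return the scheme name for one shadow password field."""
    if field == "":
        return "empty"    # no password set at all
    if field[0] in "!*":
        return "locked"   # login disabled; nothing to classify
    for name, pattern in SCHEMES:
        if pattern.match(field):
            return name
    return "unknown"

def audit(shadow_text):
    """Map each account name to the scheme of its stored hash."""
    report = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2 and parts[0] and not line.startswith("#"):
            report[parts[0]] = classify(parts[1])
    return report

def truncated_accounts(report):
    """Accounts on DES crypt: only the first 8 password characters count."""
    return sorted(user for user, scheme in report.items() if scheme == "des")

if __name__ == "__main__":
    result = audit(SAMPLE_SHADOW)
    for user, scheme in result.items():
        print(f"{user:8} {scheme}")
    print("8-character limit applies to:", truncated_accounts(result))
```

Accounts reported as `des` keep their old hash after the default scheme is changed; the stored entry only switches format the next time that password is set.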