Mailinglist Archive: opensuse-security (195 mails)

< Previous Next >
Re: [suse-security] MD5 Passwords.
  • From: Thorsten Kukuk <kukuk@xxxxxxx>
  • Date: Tue, 7 Mar 2000 19:29:00 +0100
  • Message-id: <20000307192900.A25201@xxxxxxxxxxxxx>
On Tue, Mar 07, |[TDP]| wrote:

> Sorry.... in suse 6.3 the MD5_CRYPT_ENAB doesn't appear in /etc/login.defs and if you enable it, suse doesn't seem to change passwords to MD5... I think
> this feature has been removed. (in suse 6.1 i obtained md5 passwd sucessfully)
>
> I think was removed for security, MD5 is an algorithm that has collisions, however DES does not undergo problems of collisions, although it is "in theory easy to crack" by brute force.


Since SuSE Linux 6.2 we use PAM. So the MD5 stuff from the shadow
suite cannot work any longer. The pam_unix.so module we use on
6.2 and 6.3 can handle MD5 passwords. But the passwd command cannot
change it in the moment. This is implemented for the upcoming
SuSE Linux 6.4.

Thorsten

--
Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@xxxxxxx
SuSE GmbH Schanzaeckerstr. 10 90443 Nuernberg
Linux is like a Vorlon. It is incredibly powerful, gives terse,
cryptic answers and has a lot of things going on in the background.

< Previous Next >
Follow Ups
References