RedHat moved to MD5 quite some time ago. I'm rather shocked SuSE hasn't.
I'd prefer md5 too. What about the upcoming 7.0 version though? Does that still use crypt or md5? Maybe someone from SuSE can inform us. Or should those of us that want more protection do it via PAM?
-Kurt Stefan
It's not that I want to justify that we don't use md5. I *think* (it's
holiday time...) that md5 is in preparation, but don't pin me down on that
now, please...
Nevertheless: If an attacker has access to your encrypted passwords,
you're in trouble anyway. There is a difference btw a 10th of a second and
several days for cracking the passwords, but the result is basically the
same, isn't it?
Thanks,
Roman.
--
- -
| Roman Drahtmüller