Originally Posted by
CaptSaltyJack
A glance into /etc/pam.d/common-password shows this line:
Code:
password requisite pam_unix.so nullok obscure md5
Given all the talk lately of MD5 and SHA1 being somewhat insecure, I'd rather use something else like SHA512 or Whirlpool (preferably!). How can I safely do this and "upgrade" all my users' passwords to the new hash algorithm? And where the heck are the encrypted passwords stored these days, anyway? /etc/passwd used to be it, but that shows nothing relevant.
Thanks.
I think I saw a bug a while ago about SHA1 not being supported in pam. If that is correct, I don't think SHA512 will work either. I could be mistaken, though. I want pam support for the blowfish algorithm.
edit: Wow, there is support for blowfish!
Code:
sudo apt-get install libpam-unix2
Passwords are stored in /etc/shadow.
Code:
sudo getent shadow CaptSaltyJack
You should be able to change the algorithm in pam, and your old hashes should still work. The passwords would be stored using the old algorithm until you reset them.
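The reply above says old hashes keep working after the algorithm is changed and stay in the old format until each password is reset. As an added example (not part of the original thread), this script reads shadow-format lines and lists the accounts that still carry a legacy hash, using the standard crypt(3) `$id$` prefixes; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the hash scheme of each shadow-format entry.

# Constructed sample input; the hash strings are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
alice:$1$CONSTRUCT$notarealhashnotarealhash00:14000:0:99999:7:::
bob:$6$CONSTRUCTED$notarealhashnotarealhash:14000:0:99999:7:::
carol:$2a$10$notarealhashnotarealhashnotarealhash:14000:0:99999:7:::
dave:*:14000:0:99999:7:::
erin:abCONSTRUCTED:14000:0:99999:7:::
frank:!$1$CONSTRUCT$notarealhashnotarealhash00:14000:0:99999:7:::
EOF
}

# Reads shadow-format lines on stdin, prints "user scheme [(locked)]".
classify_shadow() {
    awk -F: '
    {
        user = $1; field = $2; locked = ""
        if (field == "")                scheme = "empty"
        else if (field ~ /^[!*]+$/)     scheme = "no-password"
        else {
            # passwd -l prepends "!" to the stored hash; strip it, remember it
            if (substr(field, 1, 1) == "!") {
                sub(/^!+/, "", field); locked = " (locked)"
            }
            if      (field ~ /^\$1\$/)        scheme = "md5"
            else if (field ~ /^\$2[abxy]?\$/) scheme = "blowfish"
            else if (field ~ /^\$5\$/)        scheme = "sha256"
            else if (field ~ /^\$6\$/)        scheme = "sha512"
            else if (field ~ /^\$y\$/)        scheme = "yescrypt"
            else if (length(field) == 13)     scheme = "des"
            else                              scheme = "unknown"
        }
        print user, scheme locked
    }'
}

# Users whose password must be reset before the new algorithm applies to them.
legacy_users() {
    classify_shadow | awk '$2 == "md5" || $2 == "des" { print $1 }'
}

sample_shadow | classify_shadow
```

To check a real system, pipe the live database in instead of the sample: `sudo getent shadow | legacy_users`.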