From: | Mikhail Koliada <zlogene@g.o> |
---|---|
To: | gentoo-dev <gentoo-dev@l.g.o> |
Subject: | [gentoo-dev] Switching default password hashes from sha512 to yescrypt |
Date: | Fri, 22 Jul 2022 19:11:27 |
Message-Id: | 8DB1FE57-055F-4E32-BC23-731F69165116@gentoo.org |
1 | Hello! |
2 | |
3 | |
4 | |
5 | This idea has been fluctuating in my head for quite a while given that the migration had happened |
6 | |
7 | a while ago [0] and some other major distributions have already adopted yescrypt as their default algo |
8 | |
9 | by now [1]. For us switching is as easy as changing the default use flag in pambase and rehashing the password |
10 | |
11 | with the ‘passwd’ call (a news item will be required). |
12 | |
13 | |
14 | |
15 | What do you think? |
16 | |
17 | |
18 | |
19 | P.S. surely, I am only speaking about the local auth method based on shadow and also about the pam-based systems as the change is going |
20 | |
21 | to mainly impact the pam_unix.so calls in the pam’s stack. |
22 | |
23 | Pamless or the systems with an alternative auth methods is a different story. |
24 | |
25 | |
26 | |
27 | [0] - https://www.gentoo.org/support/news-items/2021-10-18-libxcrypt-migration-stable.html |
28 | |
29 | [1] - https://fedoraproject.org/wiki/Changes/yescrypt_as_default_hashing_method_for_shadow |
Subject | Author |
---|---|
Re: [gentoo-dev] Switching default password hashes from sha512 to yescrypt | Mike Gilbert <floppym@g.o> |
Re: [gentoo-dev] Switching default password hashes from sha512 to yescrypt | Peter Stuge <peter@×××××.se> |
Re: [gentoo-dev] Switching default password hashes from sha512 to yescrypt | Sam James <sam@g.o> |
Re: [gentoo-dev] Switching default password hashes from sha512 to yescrypt | Conrad Kostecki <conikost@g.o> |