[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: crypt function mode
- From: Martin <inkubus interalpha co uk>
- To: pam-list redhat com
- Subject: Re: crypt function mode
- Date: Tue, 21 Apr 2009 22:18:37 +0100
On Sun, 2009-04-19 at 12:00 -0400, pam-list-request redhat com wrote:
> >> Hi All,
> >> Can anyone please let me know what block ciphers mode( Electronic
> >> Codebook Mode (ECB) , Cipher Blockchaining Mode (CBC),..)
> >> does the crypt function used in pam_unix use.
> > It doesn't. These are for symmetric encryption, the crypt function
> uses
> > them as a one way hash (that why the later versions use MD5).
> >
> [Pavan] Thanks Martin. I was bit confused when it says that crypt uses
> modified form of DES algorithm
> (http://en.wikipedia.org/wiki/Crypt_(Unix)#Modifications_of_the_traditional_scheme).
>
> So these cipher modes are not applicable for storing/verifying
> passwords using crypt.
No - they are a tool for a different job.
> My requirement is to make passwds more secure.
More secure against what? Security is not a linear variable. The
storage format of the password hashes is almost certainly not the
weakest link in the chain.
> I think enabling shadow passwds(using pwconv) and MD5 hashes
> (etc/sysconfig/authconfig) would be enough as the first step.
Shadow passwords and using the MD5 based version of crypt are both good
ideas and an improvement - whether they will be enough rather depends on
your security policy.
Cheers,
- Martin
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]