You are not logged in.
- Topics: Active | Unanswered
#1 2021-06-08 10:53:31
- kokoko3k
- Member
- Registered: 2008-11-14
- Posts: 2,393
[SOLVED] Questions about new shadow hashes
Hi, I just read about
https://archlinux.org/news/sorting-out- … rd-hashes/
I checked my shadow file and my accounts all start with $6$ which should mean it uses sha512, right?
Is it still supported?
And if I find something that it is not and i change the password before updating (i'm thinking to remote servers which could be problematic), will it change the hash to something still supported?
Thanks.
Last edited by kokoko3k (2021-06-08 19:02:39)
Help me to improve ssh-rdp !
Retroarch User? Try my koko-aio shader !
Offline
#2 2021-06-08 13:52:18
- seth
- Member
- Registered: 2012-09-03
- Posts: 51,028
Re: [SOLVED] Questions about new shadow hashes
it uses sha512, right?
Right.
Is it still supported?
Hopefully. https://en.wikipedia.org/wiki/SHA-1#Com … _functions - I'm not even sure whether passwd supports keccak "somehow" atm. but
It can take one of these values: DES (default), MD5, SHA256, SHA512
Online
#3 2021-06-08 19:02:29
- kokoko3k
- Member
- Registered: 2008-11-14
- Posts: 2,393
Re: [SOLVED] Questions about new shadow hashes
Thanks,
i should be safe then.
Help me to improve ssh-rdp !
Retroarch User? Try my koko-aio shader !
Offline
#4 2021-06-08 19:34:03
- loqs
- Member
- Registered: 2014-03-06
- Posts: 17,321
Re: [SOLVED] Questions about new shadow hashes
A few more password encryption methods are supported depending on how you specify the option.
Using the ENCRYPT_METHOD in /etc/login.defs MD5 SHA256 SHA512 BCRYPT.
If specified directly to pam_unix all the above md5 (MD5) sha256 (SHA256) sha512 (SHA512) blowfish (BCRYPT) plus bigcrypt gost_yescrypt yescrypt.
Edit:
No Keccak (SHA3) or Argon2 support.
Last edited by loqs (2021-06-08 19:39:25)
Offline