You are not logged in.

#1 2021-06-08 10:53:31

kokoko3k
Member
Registered: 2008-11-14
Posts: 2,212

[SOLVED] Questions about new shadow hashes

Hi, I just read about
https://archlinux.org/news/sorting-out- … rd-hashes/
I checked my shadow file and my accounts all start with $6$ which should mean it uses sha512, right?
Is it still supported?

And if I find something that it is not and i change the password before updating (i'm thinking to remote servers which could be problematic), will it change the hash to something still supported?

Thanks.

Last edited by kokoko3k (2021-06-08 19:02:39)


Help me to improve ssh-rdp !

Offline

#2 2021-06-08 13:52:18

seth
Member
Registered: 2012-09-03
Posts: 24,895

Re: [SOLVED] Questions about new shadow hashes

it uses sha512, right?

Right.

Is it still supported?

Hopefully. https://en.wikipedia.org/wiki/SHA-1#Com … _functions - I'm not even sure whether passwd supports keccak "somehow" atm. but

man passwd wrote:

It can take one of these values: DES (default), MD5, SHA256, SHA512

Offline

#3 2021-06-08 19:02:29

kokoko3k
Member
Registered: 2008-11-14
Posts: 2,212

Re: [SOLVED] Questions about new shadow hashes

Thanks,
i should be safe then.


Help me to improve ssh-rdp !

Offline

#4 2021-06-08 19:34:03

loqs
Member
Registered: 2014-03-06
Posts: 14,230

Re: [SOLVED] Questions about new shadow hashes

A few more password encryption methods are supported depending on how you specify the option.
Using the ENCRYPT_METHOD in /etc/login.defs MD5 SHA256 SHA512 BCRYPT.
If specified directly to pam_unix all the above md5 (MD5) sha256 (SHA256) sha512 (SHA512) blowfish (BCRYPT) plus bigcrypt gost_yescrypt yescrypt.
Edit:
No Keccak (SHA3) or Argon2 support.

Last edited by loqs (2021-06-08 19:39:25)

Offline

Board footer

Powered by FluxBB