SHA256 and pam

l33tunderground · 2008-11-22 16:52:21

Recently, I've been reading about SHA encryption and I would like to try and implement it on my systems (specifically sha256). However, it seems that this requires a working knowledge of pam, which seems to be one of those magical things that isn't particularly well documented.

The wiki has an entry on Blowfish passwords, and it hints at SHA, but has no information about actually making that switch.

Can anyone provide any help or links to places I might be able to find some documentation?

l33tunderground · 2008-11-22 16:57:19

I have read that pam_unix.so already supports the SHA cyphers, so is it just a matter of changing something in /etc/pam.d/passwd as well as /etc/default/passwd ?

l33tunderground · 2008-11-22 18:10:30

Wow... no joke I think it was really this easy:

In /etc/pam.d/passwd make sure this line is present:

password    required    pam_unix.so sha256 shadow nullok

In /etc/default/passwd change the default CRYPT setting to:

CRYPT=sha256

Then reset all the user's passwords as root.
Can anyone verify the /etc/shadow prefix for sha256 passwords?
I know MD5 starts with $1 and Blowfish with $2

kazuo · 2008-11-22 18:19:42

l33tunderground wrote:

Can anyone verify the /etc/shadow prefix for sha256 passwords?
I know MD5 starts with $1 and Blowfish with $2

Mine start with $5 (sha256).

l33tunderground · 2008-11-22 19:28:49

Ah, mine too! That's fantastic, and I shall edit the wiki.

l33tunderground · 2008-11-22 19:56:47

The wiki has been updated.
http://wiki.archlinux.org/index.php/SHA_Passwords (please unstub if you found it helpful)

Last edited by l33tunderground (2008-11-22 19:59:59)

Arch Linux

#1 2008-11-22 16:52:21

SHA256 and pam

#2 2008-11-22 16:57:19

Re: SHA256 and pam

#3 2008-11-22 18:10:30

Re: SHA256 and pam

#4 2008-11-22 18:19:42

Re: SHA256 and pam

#5 2008-11-22 19:28:49

Re: SHA256 and pam

#6 2008-11-22 19:56:47

Re: SHA256 and pam

Board footer