Blowfish support in crypt() (glibc) ?

Robert Connolly robert at linuxfromscratch.org
Sun Jun 6 18:58:05 PDT 2004


On June 6, 2004 09:18 pm, Ryan.Oliver at pha.com.au wrote:
> > Anyone want to discuss or vote on this?
>
> I'd have to have a play with it, must admit I'm happy enough
> with MD5 crypt for system accounts that need passwords (of which
> there is only one (root), any accounts requiring passwords I generally
> shunt into kerberos).

Md5 isn't very good anymore.

> Personal preference if I was to use it would be crypt_blowfish,
> one less library to have to worry about...
> Only my $0.02 though ;-)

libxcrypt is easier to maintain, crypt_blowfish is easier to use.

> Would be nice to list details for both, let the user decide which
> way they want to go...

Owl has a few interesting Pam modules on:
http://www.openwall.com/pam/

But their patches for shadow are nightmarish. Using these modules offers much 
more configuration though, privlege drop for chage(), and an alternitive to 
cracklib.




More information about the hlfs-dev mailing list