On Thu, Jul 21, 2016 at 12:31 PM, Selphie Keller <selphie.keller@xxxxxxxxx> wrote: > Ahh i see, just got up to speed on the issue, so seems like the issue is > related to blowfish being faster then sha family hashing for longer length > passwords, or the system's crypt() not understanding $2a$ -style salts, which most glibcs don't. On those, crypt fails immediately due to invalid salt. > so there is a time lag difference between the blowfish internal > hash and the sha family hash, though this could be tricky to fix since some > systems may still use blowfish based hashing and changing the internal hash The best I could come up with (which is what I implemented[1]) was to look the crypt method used for root's password and use that, falling back to DES if that fails. That scheme won't help if you don't set a root password (or set it to *LK* or similar), but short of surveying all accounts on the system I'm not sure how to do much better. [1] https://anongit.mindrot.org/openssh.git/commit/?id=9286875a73b2de7736b5e50692739d314cd8d9dc -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
