Hi Martin, when you say the following: "These are for symmetric encryption, the crypt function uses them as a one way hash (that why the later versions use MD5)." Does the crypt function use any of the block cipher mode with little modifications. Please clarify. Thanks and Best Regards, Pavan On Sun, Apr 19, 2009 at 8:18 AM, Sudarshan Soma <sudarshan12s@xxxxxxxxx> wrote: > On Fri, Apr 17, 2009 at 9:48 PM, Martin <inkubus@xxxxxxxxxxxxxxxx> wrote: >> On Fri, 2009-04-17 at 12:00 -0400, pam-list-request@xxxxxxxxxx wrote: >> >>> -------- Forwarded Message -------- >>> From: Sudarshan Soma <sudarshan12s@xxxxxxxxx> >>> Reply-To: Pluggable Authentication Modules <pam-list@xxxxxxxxxx> >>> To: Pluggable Authentication Modules <pam-list@xxxxxxxxxx> >>> Subject: crypt function mode >>> Date: Fri, 17 Apr 2009 20:36:07 +0530 >>> >>> Hi All, >>> Can anyone please let me know what block ciphers mode( Electronic >>> Codebook Mode (ECB) , Cipher Blockchaining Mode (CBC),..) >>> does the crypt function used in pam_unix use. >> It doesn't. These are for symmetric encryption, the crypt function uses >> them as a one way hash (that why the later versions use MD5). >> > [Pavan] Thanks Martin. I was bit confused when it says that crypt uses > modified form of DES algorithm > (http://en.wikipedia.org/wiki/Crypt_(Unix)#Modifications_of_the_traditional_scheme). > > So these cipher modes are not applicable for storing/verifying > passwords using crypt. My requirement is to make passwds more secure. > I think enabling shadow passwds(using pwconv) and MD5 hashes > (etc/sysconfig/authconfig) would be enough as the first step. > >>> Please suggest me any pointers , if this is more of the crypt function >>> question. >> You might try reading the code; it's about as good a description as any. >> >> Cheers, >> - Martin >> >> >> _______________________________________________ >> Pam-list mailing list >> Pam-list@xxxxxxxxxx >> https://www.redhat.com/mailman/listinfo/pam-list >> > _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
