On Sun, 2009-04-19 at 12:00 -0400, pam-list-request@xxxxxxxxxx wrote: > >> Hi All, > >> Can anyone please let me know what block ciphers mode( Electronic > >> Codebook Mode (ECB) , Cipher Blockchaining Mode (CBC),..) > >> does the crypt function used in pam_unix use. > > It doesn't. These are for symmetric encryption, the crypt function > uses > > them as a one way hash (that why the later versions use MD5). > > > [Pavan] Thanks Martin. I was bit confused when it says that crypt uses > modified form of DES algorithm > (http://en.wikipedia.org/wiki/Crypt_(Unix)#Modifications_of_the_traditional_scheme). > > So these cipher modes are not applicable for storing/verifying > passwords using crypt. No - they are a tool for a different job. > My requirement is to make passwds more secure. More secure against what? Security is not a linear variable. The storage format of the password hashes is almost certainly not the weakest link in the chain. > I think enabling shadow passwds(using pwconv) and MD5 hashes > (etc/sysconfig/authconfig) would be enough as the first step. Shadow passwords and using the MD5 based version of crypt are both good ideas and an improvement - whether they will be enough rather depends on your security policy. Cheers, - Martin _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
