Hi!

On 10/23/07, Christian Perrier <[EMAIL PROTECTED]> wrote:
> Quoting Matias Soler ([EMAIL PROTECTED]):
> > Package: passwd
> > Version: 1:4.0.18.1-7
> > Severity: wishlist
> >
> > It would be desirable to default chpasswd hash algorithm to MD5 instead of
> > DES.
> Well, we might need a pretty strong rationale to consider a change
> that would break the "no surprise" principle.

Well, it depends on what the surprise is.  I find it quite surprising
that in 2007 using chpasswd in Debian leads to passwords being
truncated at 8 characters.  I thought this was OLD history.

> Changing the default behaviour of the utility would be likely to break
> existing setups that use chpasswd.

Would something really break?  The passwords would be as long as the
user actually typed them, but only after changing the password, and
only if you used a longer-than-8-characters-long password but then
typed the first 8 characters.

What real scenario is there for something breaking?

> So, really, my first reaction is being non invasive and mark this bug
> as "wontfix".

How long should we keep using an obsolete default, just because
"that's how it used to be done"?

-- 
Love,
Marga
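
An added example, not part of the original message or of the passwd package: a small audit that reads shadow(5)-format lines and lists accounts whose password field is a traditional DES crypt hash, i.e. the accounts affected by the 8-character truncation discussed above. The sample entries and the function names are constructed for illustration.

```python
import re

# Traditional DES crypt(3) output: 2 salt characters followed by 11 hash
# characters, all drawn from the alphabet ./0-9A-Za-z (13 characters total).
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

# Constructed sample in shadow(5) format. The password fields only have the
# right shape for each scheme; they are not real hashes of any password.
SAMPLE_SHADOW = """\
alice:ab0123456789A:13809:0:99999:7:::
bob:$1$saltsalt$0123456789abcdefghijk.:13809:0:99999:7:::
carol:!ab0123456789A:13809:0:99999:7:::
daemon:*:13809:0:99999:7:::
"""


def classify(field):
    """Return (scheme, locked) for the password field of one shadow entry."""
    locked = field.startswith("!")      # a leading '!' marks a locked password
    body = field.lstrip("!")
    if body in ("", "*"):
        return ("none", locked)         # no usable password set
    if body.startswith("$1$"):
        return ("md5", locked)          # MD5-based crypt, no 8-character limit
    if body.startswith("$"):
        return ("other", locked)        # some other modular crypt scheme
    if DES_RE.match(body):
        return ("des", locked)          # only the first 8 characters count
    return ("unknown", locked)


def des_accounts(shadow_text):
    """List (user, locked) for every entry that stores a DES crypt hash."""
    found = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or not parts[0]:
            continue                    # skip blank or malformed lines
        scheme, locked = classify(parts[1])
        if scheme == "des":
            found.append((parts[0], locked))
    return found


if __name__ == "__main__":
    for user, locked in des_accounts(SAMPLE_SHADOW):
        state = "locked" if locked else "active"
        print(f"{user}: DES crypt hash ({state}), password truncated at 8 characters")
```

Accounts it reports keep the truncated hash until the password is set again with a different scheme.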


