Christian Perrier wrote:
> > > The chpasswd program ignores the system MD5 setting in /etc/pam.d/passwd
> > > (also tried MD5_CRYPT_ENAB in /etc/login.defs) and instead hashes all
> > > passwords with DES. In the case of compromise of /etc/shadow, this
> > > greatly increases the ease with which attackers can crack back passwords.
> > > The system administrator thinks that they are using strong hashing until
> > > they closely examine /etc/shadow.
> >
> > Please keep [EMAIL PROTECTED] informed of the progress of this bug.
>
>
> Given the level of maintenance for the shadow package codebase, it
> would be better having some help in fixing this.
Last I spoke with the shadow developers at least one person was quite
responsive. I'll drop you his mail address privately.
Regards,
Joey
--
Everybody talks about it, but nobody does anything about it! -- Mark Twain
Please always Cc to me when replying to me on the lists.
