> On 22 Jul 2022, at 20:10, Mikhail Koliada <zlog...@gentoo.org> wrote: > > Hello! > > This idea has been fluctuating in my head for quite a while given that the > migration had happened > a while ago [0] and some other major distributions have already adopted > yescrypt as their default algo > by now [1]. For us switching is as easy as changing the default use flag in > pambase and rehashing the password > with the ‘passwd’ call (a news item will be required). > > What do you think? > > P.S. surely, I am only speaking about the local auth method based on shadow > and also about the pam-based systems as the change is going > to mainly impact the pam_unix.so calls in the pam’s stack. > Pamless or the systems with an alternative auth methods is a different story. > > [0] - > https://www.gentoo.org/support/news-items/2021-10-18-libxcrypt-migration-stable.html > [1] - > https://fedoraproject.org/wiki/Changes/yescrypt_as_default_hashing_method_for_shadow
It's fine with me although I guess I'm a bit reluctant when the libxcrypt stuff is still biting some users. My preference would be to wait a few more months, but I don't feel strongly about it, and won't object if we want to move forward sooner. Overall though, it's a good idea, although I'd welcome Jason's input on alternatives first. CC'd. Best, sam
signature.asc
Description: Message signed with OpenPGP
