On Wed, Dec 29, 2010 at 12:25 AM, Bruce Dubbs <bruce.du...@gmail.com> wrote:
> You are probably right about shadow, but the main reason for the
> checksums for package downloads is to provide data integrity, not
> security. The better way for ensuring a package has not been
> intentionally modified is to use digital signatures.
>
If you just want to use MD5 for just checking to see if a package isn't corrupted or modified, then I'm fine with that use. For the others, I would use SHA-2.

> Although PAM is in BLFS, I'm not aware of any changes to that package
> that would be needed to utilize a different login encryption method.
> For changing a password, I think that PAM uses whatever method currently
> is in use. Let me add a caveat though. I haven't used PAM in several
> years. I think it just gets in the way.

Well, I think it uses whatever encryption option is specified as an argument to pam_unix.so. But, then again, the configuration that BLFS uses is already using SHA-512 encryption.
The only thing left is to change the sed in the LFS book, and that's it.

--
William Immendorf
The ultimate in free computing.
Messages in plain text, please, no HTML.
GPG key ID: 1697BE98
If it's not signed, it's not from me.

--------------
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
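
Added example, not part of the original message: switching shadow or pam_unix.so from MD5 to SHA-512 only affects passwords set afterwards, so existing entries keep their old hash until the password is changed. The sketch below classifies shadow(5)-format entries by their crypt(3) `$id$` prefix and lists accounts still on MD5; the function names and the sample lines are constructed for illustration.

```python
# Added example: audit shadow(5)-format text for entries still hashed with MD5.
# crypt(3) prefixes: $1$ = MD5, $5$ = SHA-256, $6$ = SHA-512.

CRYPT_IDS = {
    "1": "md5",
    "5": "sha256",
    "6": "sha512",
    "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "y": "yescrypt",
}
WEAK = {"md5", "legacy"}

def scheme(hash_field):
    """Name the hashing scheme of the second field of a shadow line."""
    if hash_field == "":
        return "empty"              # no password set at all
    # A leading ! or * locks the account; a real hash may still follow it.
    stripped = hash_field.lstrip("!*")
    if not stripped:
        return "locked"
    if stripped.startswith("$"):
        return CRYPT_IDS.get(stripped.split("$")[1], "unknown")
    return "legacy"                 # no $id$ prefix, e.g. traditional DES crypt

def audit(shadow_text):
    """Map each user name to the scheme of its stored hash."""
    findings = {}
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or not fields[0] or fields[0].startswith("#"):
            continue
        findings[fields[0]] = scheme(fields[1])
    return findings

def needs_rehash(shadow_text):
    """Users whose password must be changed to pick up the new method."""
    return sorted(u for u, s in audit(shadow_text).items() if s in WEAK)

# Constructed sample input; salts and hashes are placeholders, not real values.
SAMPLE = """\
root:$6$constructedsalt$constructedhash:14972:0:99999:7:::
alice:$1$constructedsalt$constructedhash:14900:0:99999:7:::
daemon:*:14900:0:99999:7:::
bob:!$1$constructedsalt$constructedhash:14900:0:99999:7:::
"""

if __name__ == "__main__":
    for user, kind in audit(SAMPLE).items():
        print(f"{user}: {kind}")
    print("still weak:", needs_rehash(SAMPLE))
```

Note that a locked account such as `bob` above still carries its MD5 hash behind the `!`, so it shows up again if the account is unlocked without a password change.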