Comments on: Linux Upgrade Password Hashing Algorithm to SHA-512 http://www.cyberciti.biz/faq/rhel-centos-fedora-linux-upgrading-password-hashing/ Every answer asks a more beautiful question. Fri, 10 Feb 2012 19:55:56 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: wedgeshothttp://www.cyberciti.biz/faq/rhel-centos-fedora-linux-upgrading-password-hashing/#comment-46784 wedgeshot Wed, 07 Apr 2010 14:43:34 +0000 http://www.cyberciti.biz/faq/?p=5736#comment-46784 Actually Ubuntu is sha512 in 9.04 and 9.10. I don't remember changing anything related to PAM so that should be the default Actually Ubuntu is sha512 in 9.04 and 9.10. I don’t remember changing anything related to PAM so that should be the default

]]> By: Vivek Gitehttp://www.cyberciti.biz/faq/rhel-centos-fedora-linux-upgrading-password-hashing/#comment-45511 Vivek Gite Mon, 11 Jan 2010 04:46:11 +0000 http://www.cyberciti.biz/faq/?p=5736#comment-45511 Try kubrick comment # 5, it may work on Ubuntu too... Try kubrick comment # 5, it may work on Ubuntu too…

]]> By: KING SABRIhttp://www.cyberciti.biz/faq/rhel-centos-fedora-linux-upgrading-password-hashing/#comment-45504 KING SABRI Mon, 11 Jan 2010 01:38:00 +0000 http://www.cyberciti.biz/faq/?p=5736#comment-45504 Thnaks Vivek Fedora 12 by Default uses SHA-512 CentOS-5.4 by Default uses MD5 Ubuntu by Default uses MD5, But the command Not Found Thnaks Vivek

Fedora 12 by Default uses SHA-512
CentOS-5.4 by Default uses MD5
Ubuntu by Default uses MD5, But the command Not Found

]]> By: j0rnhttp://www.cyberciti.biz/faq/rhel-centos-fedora-linux-upgrading-password-hashing/#comment-44875 j0rn Tue, 24 Nov 2009 23:45:59 +0000 http://www.cyberciti.biz/faq/?p=5736#comment-44875 nice tip, thx :) the algorithm corresponds to the second parameter in shadow passwords entries user:$1$abcdef... $1$ is md5 while $6$ is sha512, $0$ should be old des and $2$ blowfish I think man crypt ;) I updated my local users digest "by hand" by modifying the "ENCRYPT_METHOD" directive directly in login.defs, but I didn't that -more elegant- way to do nice tip, thx :)
the algorithm corresponds to the second parameter in shadow passwords entries

user:$1$abcdef…

$1$ is md5 while $6$ is sha512, $0$ should be old des and $2$ blowfish I think

man crypt ;)

I updated my local users digest “by hand” by modifying the “ENCRYPT_METHOD” directive directly in login.defs, but I didn’t that -more elegant- way to do

]]> By: Vivek Gitehttp://www.cyberciti.biz/faq/rhel-centos-fedora-linux-upgrading-password-hashing/#comment-44625 Vivek Gite Thu, 12 Nov 2009 13:17:02 +0000 http://www.cyberciti.biz/faq/?p=5736#comment-44625 @ iCroc / Philippe Thanks for pointing out the typo. @ kubrick, Thanks for sharing Debian specific information. @ iCroc / Philippe

Thanks for pointing out the typo.

@ kubrick,

Thanks for sharing Debian specific information.

]]> By: kubrickhttp://www.cyberciti.biz/faq/rhel-centos-fedora-linux-upgrading-password-hashing/#comment-44621 kubrick Thu, 12 Nov 2009 11:16:53 +0000 http://www.cyberciti.biz/faq/?p=5736#comment-44621 I've found this little article for Debian based systems. You could change the default MD5 algorithm for the more secure Blowfish. On Debian GNU/Linux, switching from the default MD5 algorithm to Blowfish is slightly more work, but still not terribly difficult to accomplish: First, install the libpam-unix2 module. That can be done simply via APT, Debian’s software management system, using the command # apt-get install libpam-unix2 Next, edit /etc/pam.d/common-auth, /etc/pam.d/common-account, /etc/pam.d/common-session, and /etc/pam.d/common-password so that in each file you replace pam_unix.so with pam_unix2.so. Finally, while you are editing the common-password file, change the term md5 so that it reads blowfish instead. Cheers! I’ve found this little article for Debian based systems.
You could change the default MD5 algorithm for the more secure Blowfish.

On Debian GNU/Linux, switching from the default MD5 algorithm to Blowfish is slightly more work, but still not terribly difficult to accomplish:

First, install the libpam-unix2 module. That can be done simply via APT, Debian’s software management system, using the command
# apt-get install libpam-unix2
Next, edit /etc/pam.d/common-auth, /etc/pam.d/common-account, /etc/pam.d/common-session, and /etc/pam.d/common-password so that in each file you replace pam_unix.so with pam_unix2.so.
Finally, while you are editing the common-password file, change the term md5 so that it reads blowfish instead.

Cheers!

]]> By: Philippe Petrinkohttp://www.cyberciti.biz/faq/rhel-centos-fedora-linux-upgrading-password-hashing/#comment-44620 Philippe Petrinko Thu, 12 Nov 2009 10:56:25 +0000 http://www.cyberciti.biz/faq/?p=5736#comment-44620 Hi Vivek, This is an Interesting post. Thanks for writing it. BTW, would you modify # authconfig --passalgo=SHA512 --update to lowercase "sha512" as iCroc observed ? Hi Vivek,
This is an Interesting post. Thanks for writing it.

BTW, would you modify
# authconfig –passalgo=SHA512 –update

to lowercase “sha512″ as iCroc observed ?

]]> By: iCrochttp://www.cyberciti.biz/faq/rhel-centos-fedora-linux-upgrading-password-hashing/#comment-44610 iCroc Wed, 11 Nov 2009 22:19:49 +0000 http://www.cyberciti.biz/faq/?p=5736#comment-44610 I have solved this problem by replacing this command authconfig --passalgo=SHA512 --update to authconfig --passalgo=sha512 --update Because no algorithm called SHA512 Best Regards I have solved this problem by replacing this command
authconfig –passalgo=SHA512 –update
to
authconfig –passalgo=sha512 –update

Because no algorithm called SHA512

Best Regards

]]> By: iCrochttp://www.cyberciti.biz/faq/rhel-centos-fedora-linux-upgrading-password-hashing/#comment-44590 iCroc Wed, 11 Nov 2009 14:29:11 +0000 http://www.cyberciti.biz/faq/?p=5736#comment-44590 This message appear authconfig: Unknown password hashing algorithm specified, using sha256. This message appear

authconfig: Unknown password hashing algorithm specified, using sha256.

]]> By: Andriihttp://www.cyberciti.biz/faq/rhel-centos-fedora-linux-upgrading-password-hashing/#comment-44589 Andrii Wed, 11 Nov 2009 12:52:45 +0000 http://www.cyberciti.biz/faq/?p=5736#comment-44589 Is it works in Debian? Is it works in Debian?

]]>