Current-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Which password cipher ?
On Tue, Nov 30, 2010 at 9:58 PM, Joel Carnat <joel%carnat.net@localhost> wrote:
> Hi,
>
> I'm installing a new domU and just realize I always choose the DES cipher for
> storing local passwords as it is supposed to be the most compatible. I
> personally don't use NIS (anymore) and password I share are store in LDAP
> using SSHA1.
>
> Is it still save to store local password in DES or should something else be
> used if possible ?
> If so, what's the best option Blowfish, SHA1 ?
>
> I read SHA1 has issues and SHA2 based cipher should be preferred.
> It also seems that OpenBSD uses Blowfish.
Which makes me wonder... why do we even *ask* people to choose a
cypher algorithm during install? Couldn't we, as the developers of
the system, make a good choice for our users (and let them change it
after installation if they so wish, just as they can with everything
else)? (It just feels stupid that we have a question in sysinst for
something as trivial as this but we don't have a way to select, e.g.
which services to enable.)
Which are the advantages/disadvantages of every method? Is it there a
single algorithm that we could just make the default? (passwd.conf(5)
does not answer any of these questions.)
--
Julio Merino
Home |
Main Index |
Thread Index |
Old Index