Subject: Re: /etc/passwd.conf
To: Jun-ichiro itojun Hagino <itojun@iijlab.net>
From: Steven M. Bellovin <smb@research.att.com>
List: tech-security
Date: 08/05/2003 10:20:57
In message <20030805133058.686E5794@starfruit.itojun.org>, Jun-ichiro itojun Hagino writes:
>	given that DES is crackable in 3 seconds, i would like to propose the
>	following change.  you can still use DES password entries, it only
>	affects newly-created entries (like by passwd(1)).  what do people
>	think?  (ypcipher is kept to "old" for backward compat)
>
>itojun
>
>
>Index: passwd.conf
>===================================================================
>RCS file: /cvsroot/src/etc/passwd.conf,v
>retrieving revision 1.2
>diff -u -r1.2 passwd.conf
>--- passwd.conf	2002/04/15 07:48:00	1.2
>+++ passwd.conf	2003/08/05 13:28:58
>@@ -4,6 +4,6 @@
> #	password configuration file
> #
> 
>-#default:
>-#	localcipher = md5
>-#	ypcipher = old
>+default:
>+	localcipher = blowfish,7
>+	ypcipher = old
>
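
Review bot: The `,7` on the `localcipher = blowfish,7` line is unexplained in the file, and nothing in the hunk says that the new default applies only to newly created entries. A comment above `default:` stating what the numeric argument controls, and that existing DES entries keep working, would save an administrator from guessing. The same comment could note that `ypcipher = old` is kept on purpose for backward compatibility, since the now-active line otherwise reads as an oversight next to the changed local setting.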

Why Blowfish instead of md5?


		--Steve Bellovin, http://www.research.att.com/~smb