LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Shadow hardening

Shadow hardening

Posted Mar 22, 2012 18:47 UTC (Thu) by RobSeace (subscriber, #4435)
Parent article: Shadow hardening

> The principle advantage is that Blowfish can be configured to use as many
> set-up rounds as desired when generating the hash; thus administrators can
> increase the number of rounds over time to make attacks more and more
> computationally expensive as processor power increases.

How is that an advantage over SHA-*? They can also do the same thing:

http://www.akkadia.org/drepper/SHA-crypt.txt

(Log in to post comments)

Shadow hardening

Posted Mar 29, 2012 8:00 UTC (Thu) by chojrak11 (guest, #52056) [Link]

Exactly. Here is the shadow entry with SHA-512 and custom number of rounds:

username:$6$rounds=100000$<salt>$<hash>:15418:0:99999:7:::

here the PAM configuration:
password required pam_unix.so obscure sha512 rounds=100000

and login.conf:
ENCRYPT_METHOD SHA512
SHA_CRYPT_MIN_ROUNDS 100000

After the admin increase number of rounds, next password change will adapt the setting.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds