[CentOS] 6.2 and login.defs

John Doe jdmls at yahoo.com
Thu Dec 22 13:32:00 UTC 2011


From: Reindl Harald <h.reindl at thelounge.net>

>>  By rehashed I meant 2 layers of hashing...
>>  You sha512 the old md5 hash while keeping the knowledge that it was an md5 
> hash.
>>  So, when the user enters its passwd, it would be md5 hashed and then sha512 
> hashed and compared...
> this does not make any sense or differene and would decrase security
> keep in mind that hashes normally contain only [a-z][0-9]
> if you store the knowledge you have no need to convert
> if you have a secure password like "y*!#Anf&%" your hash has
> no longer special-chars and uppercase-letters, hashing this
> again would result in a less secure one with more possible
> collisions

I know all the security implications...
My post was about transparent backward-compatibility.
Anyway, it works.

Thx,
JD



More information about the CentOS mailing list