[CentOS] 6.2 and login.defs

Thu Dec 22 12:01:22 UTC 2011
Reindl Harald <h.reindl at thelounge.net>


On 22.12.2011 12:54, John Doe wrote:
> From: Reindl Harald <h.reindl at thelounge.net>
> 
>>>  are they automatically "converted" (rehashed) to SHA512?
>> this is technically impossible on any system and in any context
>> the definition of a hash is NOT INVERTABLE and you would need
>> the plaintext-version to generate another hash type
> 
> By rehashed I meant 2 layers of hashing...
> You sha512 the old md5 hash while keeping the knowledge that it was an md5 hash.
> So, when the user enters its passwd, it would be md5 hashed and then sha512 hashed and compared...

this does not make any sense or differene and would decrase security
keep in mind that hashes normally contain only [a-z][0-9]
if you store the knowledge you have no need to convert

if you have a secure password like "y*!#Anf&%" your hash has
no longer special-chars and uppercase-letters, hashing this
again would result in a less secure one with more possible
collisions


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20111222/238d1821/attachment-0004.sig>