LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   WARN: use of weak password hash algorithm (openSUSE 11.0) (https://www.linuxquestions.org/questions/linux-security-4/warn-use-of-weak-password-hash-algorithm-opensuse-11-0-a-657281/)

win32sux 07-21-2008 04:28 PM
WARN: use of weak password hash algorithm (openSUSE 11.0)
 
Not a critical security issue AFAICT, but still, thought I'd give any openSUSE users a heads-up in case they weren't aware of it. It's important to point out that they will need to re-generate all their passwords if they were supposed to be using MD5 hashes.
Quote:
1) Problem Description and Brief Discussion

libxcrypt is used on openSUSE to calculate the hash value of
passwords. It can be configured to use DES, MD5 or blowfish. Due to
a bug in libxcrypt the DES algorithm was used if MD5 was configured
in /etc/default/passwd. The default algorithm used on openSUSE is
blowfish which worked as expected though.

2) Solution or Work-Around

There is no known workaround, please install the update packages.

3) Special Instructions and Notes

After applying the update you need to set the password again for all
accounts that are supposed to have an MD5 password hash.
SUSE Security Announcement

colucix 07-22-2008 08:48 AM
Thank you for the notification! I used the default blowfish, anyway.


All times are GMT -5. The time now is 04:15 PM.