LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 07-21-2008, 04:28 PM   #1
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Exclamation WARN: use of weak password hash algorithm (openSUSE 11.0)


Not a critical security issue AFAICT, but still, thought I'd give any openSUSE users a heads-up in case they weren't aware of it. It's important to point out that they will need to re-generate all their passwords if they were supposed to be using MD5 hashes.
Quote:
1) Problem Description and Brief Discussion

libxcrypt is used on openSUSE to calculate the hash value of
passwords. It can be configured to use DES, MD5 or blowfish. Due to
a bug in libxcrypt the DES algorithm was used if MD5 was configured
in /etc/default/passwd. The default algorithm used on openSUSE is
blowfish which worked as expected though.

2) Solution or Work-Around

There is no known workaround, please install the update packages.

3) Special Instructions and Notes

After applying the update you need to set the password again for all
accounts that are supposed to have an MD5 password hash.
SUSE Security Announcement

Last edited by win32sux; 07-21-2008 at 04:44 PM.
 
Old 07-22-2008, 08:48 AM   #2
colucix
Moderator
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,508

Rep: Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957
Thank you for the notification! I used the default blowfish, anyway.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
hash algorithm scanner Programming 17 07-18-2006 08:08 AM
need a hash algorithm ignoring input order Thinking Programming 3 07-12-2006 06:09 AM
hash bye md5 algorithm vishalbutte Programming 5 02-18-2006 10:54 PM
need a hash algorithm ignoring input order Thinking Programming 1 01-02-2006 05:15 PM
Change Password Hash Algorithm Trano Linux - Security 1 08-23-2005 07:48 AM


All times are GMT -5. The time now is 05:07 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration