Encryption typed

duachuot30_4 · 09-22-2013, 11:39 PM

Hi,My name is Quy I'm the New member of Forum,
I have one problem but I can't Google to find the answer.
I have to config PAM for password is encrypted in SHA512. But some version before Redhat 5.2 not support SHA512,
Now, i have the question: how to list all supported encryption type in specified linux distro (SuSE, Redhat, Centos) and Solaris?
Hope someone can answer this question. thanks!

p/s: my server cant upgrade to new version

unSpawn · 09-24-2013, 08:26 PM

Quote:

Originally Posted by duachuot30_4

Hi,My name is Quy I'm the New member of Forum,

Welcome to LQ, hope you like it here.

Quote:

Originally Posted by duachuot30_4

Redhat 5.2

If with "Redhat 5.2" you meant "Red Hat Linux 5.2" then you should ditch that immediately as it's been EOL'ed for too long.
If with "Redhat 5.2" you meant "Red Hat Enterprise Linux 5.2" then you should upgrade to RHEL 5.9 (or CentOS 5.9) as that's the latest release of the 5 series.

Quote:

Originally Posted by duachuot30_4

how to list all supported encryption type in specified linux distro (SuSE, Redhat, Centos) and Solaris?

For any OS or distribution that uses PAM start with /usr/share/doc/pam-*/txts/README.pam_unix as this references the crypt function. Now see 'man 3 crypt' and notice the Glibc versions which support additional encryption algorithms:

Code:

 ID  | Method
 ─────────────────────────────────────────────────────────

 1   | MD5
 2a  | Blowfish (not in mainline glibc; added in some
     | Linux distributions)
 5   | SHA-256 (since glibc 2.7)
 6   | SHA-512 (since glibc 2.7)

So by knowing the used glibc version (like 'rpm -q glibc --qf="%{version}\n"') you know what's supported.

Quote:

Originally Posted by duachuot30_4

p/s: my server cant upgrade to new version

List its hardware specifications and we'll probably tell you that you can :-]

duachuot30_4 · 09-24-2013, 09:03 PM

thanks for Reply.

Your answer is very great

I have some question:
You show: SHA-512 only supported since glibc version 2.7

Quote:

But my glibc version is 2.5. And It still supports SHA-512?
this is output of cat /etc/*release command:

Code:

[duachuot30_4@server2 ~]$ cat /etc/*release
Red Hat Enterprise Linux Server release 5.7 (Tikanga)

Quote:

Quote:
Originally Posted by duachuot30_4 View Post
p/s: my server cant upgrade to new version
List its hardware specifications and we'll probably tell you that you can :-]

Sorry, my boss does not allow our to upgrade Kernel. It will implement in different plan.

Thanks

unSpawn · 09-24-2013, 09:17 PM

Quote:

Originally Posted by duachuot30_4

But my glibc version is 2.5. And It still supports SHA-512?

So it seems:

Code:

2007-09-19  Ulrich Drepper  <drepper@redhat.com>

	* crypt/Makefile (libcrypt-routines): Add sha256-crypt, sha256,
	sha512-crypt, and sha512.
	(tests): Add sha256test, sha256c-test, sha512test, and sha512c-test.
	(distribute): Add sha256.h and sha512.h.
	* crypt/crypt-entry.c (crypt): Recognize the new $5$ and $6$ prefixes
	and call the appropriate code.
	* crypt/sha256-crypt.c: New file.
	* crypt/sha256.c: New file.
	* crypt/sha256.h: New file.
	* crypt/sha256c-test.c: New file.
	* crypt/sha256test.c: New file.
	* crypt/sha512-crypt.c: New file.
	* crypt/sha512.c: New file.
	* crypt/sha512.h: New file.
	* crypt/sha512c-test.c: New file.
	* crypt/sha512test.c: New file.

--- libc/crypt/Makefile	5 Oct 2005 19:33:35 -0000	1.10
+++ libc/crypt/Makefile	19 Sep 2007 20:37:33 -0000	1.11

Beats me why the manual page is wrong...

duachuot30_4 · 09-24-2013, 09:34 PM

Thank you very much.