Hashing of user passwords

For discussions about security.
Graf_Koks
Posts: 34
Joined: Tue 21 Jan 2014, 19:32


#1 Post by Graf_Koks »

Hi,

Again I stumbled over the problem of setting secure user passwords in 5.7.1.

Using passwd, passwords longer than 8 characters are accepted in general. However, only the first 8 characters are evaluated when checking the password. That is, the password "12345678" would be accepted even if the password "1234567890" was set via passwd. This is a problem of the default hashing method, DES.

Clearly, you can choose MD5 hashing, but MD5 is not considered to be secure anymore, even though it is said that preimage collisions are not possible yet. Unfortunately, no other hashing algorithm is possible via passwd. Or I am too dumb to find it.

Alternatively, what I did was to create password hashes via

mkpasswd --method=<method> --salt="<salt>"

with <method> being des, md5, sha-256 or sha-512 and <salt> being some random string. I copied the result to the corresponding place in the shadow file and removed all information from the histories.

This worked. Nevertheless, is this a correct way to set passwords?

Regards,
Graf Koks
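
An added example, not part of the original post: a shell check that reports which hashing scheme each entry in a shadow-format file uses, so an entry pasted in by hand can be confirmed as sha-512 rather than DES or MD5. The function names `sample_shadow` and `audit_shadow` are hypothetical, the sample entries are constructed with placeholder hash bodies, and the `$1$`/`$5$`/`$6$` prefixes are the glibc crypt(3) conventions for md5, sha-256 and sha-512.

```shell
#!/bin/sh
# Added example (not from the original post): report which crypt(3) scheme
# each entry of a shadow-format file uses, keyed on the hash prefix.

# Constructed sample entries; the hash bodies are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
root:abCONSTRUCTED:16100:0:99999:7:::
alice:$1$saltsalt$CONSTRUCTEDPLACEHOLDER:16100:0:99999:7:::
bob:$5$saltsalt$CONSTRUCTEDPLACEHOLDER:16100:0:99999:7:::
carol:$6$saltsalt$CONSTRUCTEDPLACEHOLDER:16100:0:99999:7:::
daemon:*:16100:0:99999:7:::
EOF
}

# Usage: audit_shadow [FILE]   (reads stdin when FILE is omitted)
# Prints "user scheme verdict", one line per entry.
audit_shadow() {
    awk -F: '
    NF < 2 || /^#/ { next }    # skip blank, malformed or comment lines
    {
        h = $2                 # second field holds the password hash
        p = substr(h, 1, 3)    # scheme prefix such as $6$
        if (h == "")          { s = "none";    v = "EMPTY password field" }
        else if (h ~ "^[!*]") { s = "locked";  v = "no password login" }
        else if (p == "$1$")  { s = "md5";     v = "WEAK" }
        else if (p == "$5$")  { s = "sha-256"; v = "ok" }
        else if (p == "$6$")  { s = "sha-512"; v = "ok" }
        else if (length(h) == 13 && h ~ "^[./0-9A-Za-z]+$") {
            # Traditional DES crypt: 2 salt characters + 11 hash characters
            s = "des"; v = "WEAK: only first 8 characters are checked"
        }
        else                  { s = "other";   v = "review manually" }
        printf "%s %s %s\n", $1, s, v
    }' "$@"
}

# With a file argument audit that file, otherwise show the constructed sample.
if [ "$#" -gt 0 ]; then
    audit_shadow "$@"
else
    sample_shadow | audit_shadow
fi
```

Run it as root with `/etc/shadow` as the argument to audit the real file; without arguments it prints the verdicts for the constructed sample.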
