tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Changing the default localcipher in passwd.conf to argon2id



On Sun, Oct 31, 2021 at 04:45:59PM -0700, Alistair Crooks wrote:
> Or is the intent to discuss this in retrospect?

Is the concern primarily with it not being in a release?

I'm not really certain how I could address it, other than a prerequisite
waiting a few years. It's true that existing passwords won't be affected
until they're regenerated, and people who are updating etc with etcupdate
will get a prior warning that some configuration is changing. Updating
etc in any other way seems like it will get you nasty surprises
regardless :/

Something that now occurs to me is that the error feedback from passwd
is not good at all if an unspecified cipher is used:

Couldn't generate salt.
Unable to change auth token: Error in service module

but this may be down to limitations in the crypt interface.


Home | Main Index | Thread Index | Old Index