Subject: Re: PROPOSAL: adding capability for blowfish passwords
To: None <xs@kittenz.org>
From: Steven M. Bellovin <smb@research.att.com>
List: current-users
Date: 05/24/2002 08:28:05
In message <20020524104611.GA26583@meltdown.kittenz.org>, xs@kittenz.org writes:
>on Thu, May 23, 2002 at 11:22:51PM -0400, Steven M. Bellovin wrote:
>> One other point I should mention: the code fragment I sketched had an
>> optional site-specific field. Today's algorithm encrypts a constant
>> block, which makes hashed passwords portable. That isn't necessarily
>> an advantage, since it lets an attacker combine password files from
>> multiple sites for a single cracking run. The variant allows site
>> administrators to change that.
>>
>> Where to store this string is an open issue.
>
>Is there any harm in storing it in /etc/passwd.conf?
>eg,
>default:
> localcipher = sha512[,rounds[,site-salt]]
>
>
It's the obvious file, though the syntax may take a bit of work.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)
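
Added example, not part of the original message and not NetBSD code: a sketch of how a site-specific string stops merged password files from sharing cracking work. It reads the `localcipher = sha512[,rounds[,site-salt]]` syntax floated above as an assumption, and uses PBKDF2 as a stand-in for the algorithm sketched in the thread; the function names, the default round count and the sample entries are constructed for illustration.

```python
import hashlib

ALLOWED = {"sha256", "sha512"}   # digests this sketch accepts (assumption)
DEFAULT_ROUNDS = 100_000         # assumed default; the thread does not give one

def parse_localcipher(value):
    """Parse 'algo[,rounds[,site-salt]]', the syntax floated in the thread."""
    parts = [p.strip() for p in value.split(",", 2)]
    algo = parts[0]
    if algo not in ALLOWED:
        raise ValueError(f"unsupported digest: {algo!r}")
    rounds = int(parts[1]) if len(parts) > 1 and parts[1] else DEFAULT_ROUNDS
    if rounds < 1:
        raise ValueError("rounds must be positive")
    site = parts[2] if len(parts) > 2 else ""
    return algo, rounds, site.encode()

def hash_password(password, user_salt, localcipher):
    """Derive a hash bound to both the per-user salt and the site string."""
    algo, rounds, site = parse_localcipher(localcipher)
    # Length-prefix the site string so distinct (site, salt) pairs never collide.
    salt = len(site).to_bytes(2, "big") + site + user_salt
    return hashlib.pbkdf2_hmac(algo, password.encode(), salt, rounds).hex()

def kdf_calls_per_guess(entries):
    """Hash evaluations one candidate password costs over merged files.

    entries: iterable of (localcipher, user_salt) pairs from several sites.
    Entries with identical parameters and salt share a single evaluation.
    """
    return len({(parse_localcipher(lc), salt) for lc, salt in entries})

# Constructed sample data: two sites whose users happen to share a salt.
PORTABLE = [("sha512,1000", b"ab"), ("sha512,1000", b"ab")]
SITE_BOUND = [("sha512,1000,site-a.example", b"ab"),
              ("sha512,1000,site-b.example", b"ab")]

if __name__ == "__main__":
    for label, entries in (("portable", PORTABLE), ("site-bound", SITE_BOUND)):
        digests = [hash_password("correct horse", s, lc)[:16] for lc, s in entries]
        print(label, digests, "evaluations per guess:", kdf_calls_per_guess(entries))
```

With no site string the two entries hash identically and one evaluation covers both files; with distinct site strings each file has to be worked separately.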