Current-Users archive


Re: Which password cipher ?



On Wed, Dec 01, 2010 at 09:42:17AM +0000, Julio Merino wrote:
> On Tue, Nov 30, 2010 at 9:58 PM, Joel Carnat <joel%carnat.net@localhost> wrote:
> > Hi,
> >
> > I'm installing a new domU and just realized I always choose the DES cipher
> > for storing local passwords as it is supposed to be the most compatible. I
> > personally don't use NIS (anymore) and the passwords I share are stored in
> > LDAP using SSHA1.
> >
> > Is it still safe to store local passwords in DES or should something else be
> > used if possible?
> > If so, what's the best option, Blowfish, SHA1?
> >
> > I read SHA1 has issues and SHA2 based cipher should be preferred.
> > It also seems that OpenBSD uses Blowfish.
> 
> Which makes me wonder... why do we even *ask* people to choose a
> cypher algorithm during install?  Couldn't we, as the developers of
> the system, make a good choice for our users (and let them change it
> after installation if they so wish, just as they can with everything
> else)?  (It just feels stupid that we have a question in sysinst for
> something as trivial as this but we don't have a way to select, e.g.
> which services to enable.)

Because the standard solution around here is to not have a solution
and add flags and toggles and levers and knobs, i.e. outsource the
discussion.

Does sysinst even make it possible to select sha1?  Yes, let's just
drop the question from sysinst.

