Subject: Re: default passwd.conf file
To: None <tech-security@netbsd.org>
From: Tonnerre Lombard <tonnerre@thundrix.ch>
List: tech-security
Date: 06/27/2005 20:02:02
"Perry E. Metzger" <perry@wasabisystems.com> writes:
> Unless there are quite solid objections, I would like to make the
> following our standard /etc/passwd.conf:
>
> --------------------------------------------------
> default:
>         localcipher = md5
>         ypcipher = old
> --------------------------------------------------
>
> Note that there is no obvious reason to object. Old password files
> will still work. New passwords will use md5, but if an admin doesn't
> like that he can just change localcipher to old.

I have to object that the use of md5 is discouraged since the end of
last year at least, when a method was discovered to produce
collisions in the MD5 keyspace in an automatic way using mathematics
(so it's not a pure bruteforce type thing). The use of SHA1 is
discouraged as well, since it's not clear how much it's influenced by
the problems the MD family has. SHA256, SHA384, SHA512 and SHA768 are
the recommended candidates.

So I would suggest at least going for SHA1, since in contrast to MD5
there's not yet a O(1) attack against it.

-- 

				Tonnerre
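The proposed default above, next to a hardened variant, run through a small audit script: this is an added example, not code from the thread or from NetBSD's own tools. It assumes the passwd.conf layout of a `section:` header followed by indented `key = value` lines (with `#` comments), the `sha1,<rounds>` value syntax documented in passwd.conf(5), and the crypt prefixes `$1$` (md5), `$sha1$` (NetBSD sha1crypt), `$2a$`/`$2b$` (blowfish) and a bare 13-character string for old DES hashes; the master.passwd lines are constructed sample data.

```python
# Audit a passwd.conf and a master.passwd for weak password-hash settings.
# Added example; syntax assumptions are labelled in the lead-in.

# Constructed sample: the passwd.conf proposed in the thread.
PROPOSED_CONF = """\
default:
        localcipher = md5
        ypcipher = old
"""

# Constructed hardened variant (assumed "sha1,<rounds>" syntax from passwd.conf(5)).
HARDENED_CONF = """\
default:
        localcipher = sha1,24680
        ypcipher = old
"""

# Constructed master.passwd lines: name:hash:uid:gid:class:change:expire:gecos:home:shell
SAMPLE_MASTER_PASSWD = """\
root:$1$AbCdEfGh$0123456789abcdefghijkl:0:0::0:0:Charlie &:/root:/bin/sh
alice:AbCdEfGhIjKlM:1000:100::0:0:Alice:/home/alice:/bin/sh
bob:$sha1$24680$saltsalt$0123456789abcdefghijklmnopq:1001:100::0:0:Bob:/home/bob:/bin/sh
daemon:*:1:1::0:0:The devil himself:/:/sbin/nologin
"""

# Ratings follow the thread: old DES and md5 are to be replaced, sha1 is the suggested floor.
CIPHER_RATING = {
    "old": "weak",
    "newsalt": "weak",
    "md5": "weak",
    "sha1": "acceptable",
    "blowfish": "acceptable",
}


def parse_passwd_conf(text):
    """Parse passwd.conf into {section: {key: value}} (assumed layout, see lead-in)."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        if not line[0].isspace() and line.endswith(":"):
            current = line[:-1].strip()        # "default:" -> "default"
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            raise ValueError("malformed passwd.conf line: %r" % raw)
        key, value = (part.strip() for part in line.split("=", 1))
        sections[current][key] = value
    return sections


def rate_cipher(value):
    """Rate a localcipher/ypcipher value; "sha1,24680" is rated by its name part."""
    name = value.split(",", 1)[0].strip().lower()
    return CIPHER_RATING.get(name, "unknown")


def audit(sections):
    """Return (section, key, value, rating) for every cipher setting that is not acceptable."""
    findings = []
    for section, keys in sections.items():
        for key in ("localcipher", "ypcipher"):
            if key in keys:
                rating = rate_cipher(keys[key])
                if rating != "acceptable":
                    findings.append((section, key, keys[key], rating))
    return sorted(findings)


def classify_hash(pw):
    """Name the crypt algorithm behind a stored hash by its prefix (assumed prefixes)."""
    if pw in ("", "*") or set(pw) == {"*"}:
        return "none-or-locked"
    if pw.startswith("$1$"):
        return "md5"
    if pw.startswith("$sha1$"):
        return "sha1"
    if pw.startswith("$2a$") or pw.startswith("$2b$"):
        return "blowfish"
    if len(pw) == 13 and "$" not in pw:
        return "old"                           # traditional DES crypt
    return "unknown"


def weak_accounts(master_passwd_text):
    """List (user, algorithm) for accounts whose stored hash uses a weak-rated algorithm.

    Old password files keep working after the default changes, so existing
    entries are only rehashed when the user next sets a password; this finds
    the ones still waiting for that.
    """
    weak = []
    for line in master_passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        algo = classify_hash(fields[1])
        if CIPHER_RATING.get(algo) == "weak":
            weak.append((fields[0], algo))
    return weak


if __name__ == "__main__":
    for label, conf in (("proposed", PROPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(parse_passwd_conf(conf)))
    print("accounts still on weak hashes:", weak_accounts(SAMPLE_MASTER_PASSWD))
```

Rating md5 as weak follows the thread's recommendation; the MD5 collision results it cites concern collision resistance, whereas password storage depends on preimage resistance and on the work factor, so the practical reason to move off md5-crypt and DES on a real system is how cheaply they can be brute-forced, and the `ypcipher = old` line in both variants is left as a separate finding for the administrator to weigh against NIS compatibility.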