Re: Which password cipher ?

[haad <haaaad%gmail.com@localhost>]

On Wed, Dec 1, 2010 at 11:05 AM, Antti Kantee
<pooka%homeworld.netbsd.org@localhost> wrote:
> On Wed, Dec 01, 2010 at 09:42:17AM +0000, Julio Merino wrote:
>> On Tue, Nov 30, 2010 at 9:58 PM, Joel Carnat <joel%carnat.net@localhost> 
>> wrote:
>> > Hi,
>> >
>> > I'm installing a new domU and just realize I always choose the DES cipher 
>> > for storing local passwords as it is supposed to be the most compatible. I 
>> > personally don't use NIS (anymore) and password I share are store in LDAP 
>> > using SSHA1.
>> >
>> > Is it still save to store local password in DES or should something else 
>> > be used if possible ?
>> > If so, what's the best option Blowfish, SHA1 ?
>> >
>> > I read SHA1 has issues and SHA2 based cipher should be preferred.
>> > It also seems that OpenBSD uses Blowfish.
>>
>> Which makes me wonder... why do we even *ask* people to choose a
>> cypher algorithm during install? ÂCouldn't we, as the developers of
>> the system, make a good choice for our users (and let them change it
>> after installation if they so wish, just as they can with everything
>> else)? Â(It just feels stupid that we have a question in sysinst for
>> something as trivial as this but we don't have a way to select, e.g.
>> which services to enable.)
>
> Because the standard solution around here is to not have a solution
> and add flags and toggles and levers and knobs, i.e. outsource the
> discussion.

Haha the sad thing is that this is mostly true :).

>
> Does sysinst even make it possible to select sha1? ÂYes, let's just
> drop the question from sysinst.

Yes you can select SHA1


-- 


Regards.

Adam