Yes "man crypt" gives you the mcrypt page, in section 1 of the man pages. Note the 3 in what I gave you above. crypt is still found in section 3 of the man pages - it's a programming interface, not a cli program.Ahtiga Saraz wrote:On my system, man crypt gives me the man page for mcrypt, a deb which I installed a few weeks ago. I presume the developers of mcrypt intended it that way. Anyway, it prevents me from seeing whatever you think I should read.
Let me try again: the default line in /etc/pam.d/common-password isWe have now clearly established that md5 (or sha256, or sha512) are just what we do not want (iteration and salts make no difference to this point), so that default line (which is surely more recent than 1970s?) is just what Debian users very certainly do not want to have in their /etc/pam.d/common-password! So what line to I need to replace this line with?Code: Select all
password required pam_unix.so nullok obscure md5
iteration does make a difference, see article 1. iteration slows down any potential attack, especially if the attacker doesn't know2 how many iterations are needed (although it slows them down even if they do)
hash(password+salt)=hash1
hash(hash1)=hash2
hash(hash2)=hash3
That will do to illustrate. That's 3 iterations. Rainbow tables are obviously useless here (salt was enough to take care of that), so all that's left is brute force. To brute force this you would have to take each possible combination, run it through the hash, try the result, if it doesn't work run it through the hash again, try again, run it through the hash again, try again. Then move on to the next combination. That assumes that you know the max hash attempts is 3.
If you don't know how many iterations it complicates things immensely. Using a slower function makes things ven worse fromk an attackers standpoint. But the bottom line is that iterations slow things down. blowfish is slower than any of the hash functions. Blowfish + iterations will defintely put a crimp in any possible attack.
That said sha512 with lots of iterations should be more than secure (I don't use 1000 iterations, I use significantly more). Even md5 with lots of iterations would probably be safe enough (I would not recommend that though, I'm just using it to demonstrate a point). I could (and have in the past) gone with Debian's unix2 (blowfish) implementation, but I don't like the fallback options (being only md5 and des), so I'm sticking (for the moment) with sha512 and lots of iterations.