[Pam-developers] Re: Raise salt length for the sha2 password hashes

Hello, currently pam_unix hardcodes the new salt length when password is changed to be 8 characters - this makes it due to the limitation to 64 only possible characters to be 48 bits long. This is slightly lower than can be considered as long enough for any paranoid. I propose to make it 12 characters which should satisfy any paranoid person as rainbow tables of 2^72 hashes for each tested password can hardly be created in the foreseeable future. Or do you think that the current salt length should be sufficient and stay as is?