On St, 2015-08-12 at 17:44 +0200, Tomas Mraz wrote:
> Hello,
> currently pam_unix hardcodes the new salt length when password is
> changed to be 8 characters - this makes it due to the limitation to 64
> only possible characters to be 48 bits long. This is slightly lower than
> can be considered as long enough for any paranoid. I propose to make it
> 12 characters which should satisfy any paranoid person as rainbow tables
> of 2^72 hashes for each tested password can hardly be created in the
> foreseeable future.
> Or do you think that the current salt length should be sufficient and
> stay as is?
Ping? Any opinion on this topic?
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
(You'll never know whether the road is wrong though.)
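
The salt arithmetic from the message above, as an added example that is not part of the original mail and not Linux-PAM code: it draws a salt from the 64-symbol crypt(3) alphabet at a chosen length and builds a SHA-512 crypt setting string. The names make_salt, salt_bits, make_sha512_setting and SHA_CRYPT_SALT_MAX are hypothetical; it assumes /dev/urandom is readable and that the hash is SHA-crypt, which uses at most 16 salt characters.

```c
#include <stdio.h>
#include <string.h>

/* crypt(3) salt alphabet: 64 symbols, so each character carries 6 bits. */
static const char SALT_CHARS[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

#define SHA_CRYPT_SALT_MAX 16 /* SHA-crypt uses at most 16 salt characters */

/* Salt entropy in bits for `len` characters: 8 -> 48, 12 -> 72. */
unsigned salt_bits(unsigned len) { return 6u * len; }

/* Fill out[0..len-1] with random salt characters and NUL-terminate.
 * Returns 0 on success, -1 on a bad length or if randomness is unavailable. */
int make_salt(char *out, size_t len)
{
    unsigned char raw[SHA_CRYPT_SALT_MAX];
    FILE *f;
    size_t i, got;

    if (len == 0 || len > SHA_CRYPT_SALT_MAX)
        return -1;
    if ((f = fopen("/dev/urandom", "rb")) == NULL)
        return -1;
    got = fread(raw, 1, len, f);
    fclose(f);
    if (got != len)
        return -1;
    /* 256 is a multiple of 64, so masking to 6 bits has no modulo bias. */
    for (i = 0; i < len; i++)
        out[i] = SALT_CHARS[raw[i] & 0x3f];
    out[len] = '\0';
    return 0;
}

/* Build "$6$<salt>$" for SHA-512 crypt; buf needs salt_len + 5 bytes. */
int make_sha512_setting(char *buf, size_t buflen, size_t salt_len)
{
    char salt[SHA_CRYPT_SALT_MAX + 1];

    if (buflen < salt_len + 5 || make_salt(salt, salt_len) != 0)
        return -1;
    snprintf(buf, buflen, "$6$%s$", salt);
    return 0;
}

int main(void)
{
    char s[SHA_CRYPT_SALT_MAX + 5];
    if (make_sha512_setting(s, sizeof s, 12) == 0)
        printf("%s (%u bits of salt)\n", s, salt_bits(12));
    return 0;
}
```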