Hello,
Currently pam_unix hardcodes the new salt length, when a password is
changed, to be 8 characters. Due to the limitation to only 64 possible
characters, this makes it 48 bits long. This is slightly lower than
what can be considered long enough for any paranoid person. I propose to
make it 12 characters, which should satisfy any paranoid person, as rainbow
tables of 2^72 hashes for each tested password can hardly be created in the
foreseeable future.
Or do you think that the current salt length should be sufficient and
stay as is?
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
(You'll never know whether the road is wrong though.)
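
The arithmetic in the message above (64 possible characters carry 6 bits each, so 8 characters give 48 bits and 12 give 72), as an added example that is not pam_unix's code and not part of the original message. The names `SALT_CHARS`, `salt_bits` and `make_salt` and the use of `/dev/urandom` as the random source are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* The 64 characters crypt(3) accepts in a salt: 6 bits per character. */
static const char SALT_CHARS[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Bits of salt carried by a salt of nchars characters. */
unsigned salt_bits(size_t nchars) { return (unsigned)(nchars * 6); }

/* Fill out[0..nchars-1] with random salt characters and NUL-terminate.
 * out must hold nchars + 1 bytes. Returns 0 on success, -1 on failure.
 * Masking a random byte with 0x3f is unbiased because 256 is a
 * multiple of 64, so every salt character is equally likely. */
int make_salt(char *out, size_t nchars)
{
    unsigned char raw[64];
    FILE *f;
    size_t i;

    if (nchars == 0 || nchars > sizeof(raw))
        return -1;
    f = fopen("/dev/urandom", "rb");   /* assumed random source */
    if (f == NULL)
        return -1;
    if (fread(raw, 1, nchars, f) != nchars) {
        fclose(f);
        return -1;
    }
    fclose(f);
    for (i = 0; i < nchars; i++)
        out[i] = SALT_CHARS[raw[i] & 0x3f];
    out[nchars] = '\0';
    return 0;
}

int main(void)
{
    char salt[13];
    size_t lens[] = { 8, 12 };   /* current length and proposed length */
    size_t i;

    for (i = 0; i < 2; i++) {
        if (make_salt(salt, lens[i]) != 0)
            return 1;
        printf("%2zu chars = %u bits: %s\n", lens[i], salt_bits(lens[i]), salt);
    }
    return 0;
}
```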