#58: Document that pam_unix remember= option uses MD5 hash
---------------------+-------------------------------
 Reporter:  bigon    |       Owner:  pam-developers@…
     Type:  security |      Status:  new
 Priority:  major    |   Component:  modules
  Version:           |  Resolution:
 Keywords:           |  Blocked By:
 Blocking:           |
---------------------+-------------------------------
Comment (by tmraz):
It is deprecated. There is no plan to add different hash algorithm support
for it. Also, the insecurity of using the MD5 hash algorithm for storing
passwords is not so fatal - the insecurity of the MD5 hash lies in easy
collision attacks, which are irrelevant for salted password hashing. Yes,
this password hashing algorithm does not provide much protection against
brute force and dictionary cracking attacks in comparison to the
state-of-the-art password hashing algorithms; however, the SHA2 based
password hashes are not particularly better in this regard either.
We can document that the remember option uses an MD5 based password hash
algorithm though.
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/58#comment:2>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
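
Added example (not part of the ticket or of Linux-PAM's code): a small audit script that reports which crypt(3) scheme each remembered password uses, so an administrator can see where remember= has left MD5-based entries. It assumes the history file is /etc/security/opasswd with lines of the form user:uid:count:hash1,hash2,...; the sample lines and their hash strings are constructed placeholders, not real hashes.

```python
import sys

# crypt(3) modular-format prefixes mapped to scheme names.
CRYPT_PREFIXES = {
    "$1$": "md5crypt",
    "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
    "$5$": "sha256crypt",
    "$6$": "sha512crypt",
    "$y$": "yescrypt",
}

def scheme_of(hash_field):
    """Name the scheme of one stored hash from its '$id$' prefix."""
    for prefix, name in CRYPT_PREFIXES.items():
        if hash_field.startswith(prefix):
            return name
    return "unknown"

def audit_opasswd(lines):
    """Return {user: {scheme: count}} for user:uid:count:h1,h2,... lines."""
    report = {}
    for raw in lines:
        parts = raw.strip().split(":", 3)
        if len(parts) != 4:
            continue  # blank or malformed line: nothing to classify
        user, _uid, _count, hashes = parts
        counts = report.setdefault(user, {})
        for stored in filter(None, hashes.split(",")):
            scheme = scheme_of(stored)
            counts[scheme] = counts.get(scheme, 0) + 1
    return report

def users_with_md5(report):
    """Users that still have at least one MD5-based remembered password."""
    return sorted(u for u, c in report.items() if c.get("md5crypt"))

# Constructed sample input (placeholder salts and digests).
SAMPLE = [
    "alice:1000:2:$1$saltsalt$AAAAAAAAAAAAAAAAAAAAAA,$1$tlastlas$BBBBBBBBBBBBBBBBBBBBBB",
    "bob:1001:1:$6$examplesalt$CCCCCCCC",
    "broken line",
]

if __name__ == "__main__":
    # With a path argument, audit that file (reading opasswd needs root).
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    result = audit_opasswd(lines)
    for user in sorted(result):
        print(user, result[user])
    print("MD5-based history entries:", users_with_md5(result))
```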