After sleeping about this for a few nights and updating again to -4, I now have the following:
|root@swivel-sid-buildd-amd64-q6ep:/srv# mkpasswd --hash=yescrypt foobar |$y$j9T$itVnlTtTBYo6Q2bWxDWxp.$iTCN.Ho/RhgFmNRMi7Un1zWjCQH/wEb1x2HD16pAbF8 |root@swivel-sid-buildd-amd64-q6ep:/srv# useradd aust |root@swivel-sid-buildd-amd64-q6ep:/srv# echo 'aust:!' | chpasswd --encrypted |chpasswd: (line 1, user aust) invalid password hash |chpasswd: error detected, changes ignored |root@swivel-sid-buildd-amd64-q6ep:/srv# echo 'aust:*' | chpasswd --encrypted |root@swivel-sid-buildd-amd64-q6ep:/srv# echo 'aust:!$y$j9T$itVnlTtTBYo6Q2bWxDWxp.$iTCN.Ho/RhgFmNRMi7Un1zWjCQH/wEb1x2HD16pAbF8' | chpasswd --encrypted |root@swivel-sid-buildd-amd64-q6ep:/srv# echo 'aust:*$y$j9T$itVnlTtTBYo6Q2bWxDWxp.$iTCN.Ho/RhgFmNRMi7Un1zWjCQH/wEb1x2HD16pAbF8' | chpasswd --encrypted |chpasswd: (line 1, user aust) invalid password hash |chpasswd: error detected, changes ignored |root@swivel-sid-buildd-amd64-q6ep:/srv# ! => not accepted * => accepted !(valid hash) => accepted *(valid hash) => not accepted Is this really intended? Isnt this introducing semantics that were never intended? Ths TUHS Mailing List has basically confirmed that ! and * just are strings that can never come out of hashing a valid password. Greetings Marc
