On Sat, Jan 10, 2026 at 09:21:43PM +0100, Marc Haber wrote: > After sleeping about this for a few nights and updating again to -4, I > now have the following: > > |root@swivel-sid-buildd-amd64-q6ep:/srv# mkpasswd --hash=yescrypt foobar > |$y$j9T$itVnlTtTBYo6Q2bWxDWxp.$iTCN.Ho/RhgFmNRMi7Un1zWjCQH/wEb1x2HD16pAbF8 > |root@swivel-sid-buildd-amd64-q6ep:/srv# useradd aust > |root@swivel-sid-buildd-amd64-q6ep:/srv# echo 'aust:!' | chpasswd --encrypted > |chpasswd: (line 1, user aust) invalid password hash > |chpasswd: error detected, changes ignored > |root@swivel-sid-buildd-amd64-q6ep:/srv# echo 'aust:*' | chpasswd --encrypted > |root@swivel-sid-buildd-amd64-q6ep:/srv# echo > 'aust:!$y$j9T$itVnlTtTBYo6Q2bWxDWxp.$iTCN.Ho/RhgFmNRMi7Un1zWjCQH/wEb1x2HD16pAbF8' > | chpasswd --encrypted > |root@swivel-sid-buildd-amd64-q6ep:/srv# echo > 'aust:*$y$j9T$itVnlTtTBYo6Q2bWxDWxp.$iTCN.Ho/RhgFmNRMi7Un1zWjCQH/wEb1x2HD16pAbF8' > | chpasswd --encrypted > |chpasswd: (line 1, user aust) invalid password hash > |chpasswd: error detected, changes ignored > |root@swivel-sid-buildd-amd64-q6ep:/srv# > > ! => not accepted > * => accepted > !(valid hash) => accepted > *(valid hash) => not accepted > > Is this really intended? Isnt this introducing semantics that were never > intended? Ths TUHS Mailing List has basically confirmed that ! and * > just are strings that can never come out of hashing a valid password. > > Greetings > Marc
So, just to be clear, you think all would be fine if we accept * followed by anything, and ! not followed by anything?
