Why does Debian GNU/Hurd use DES encrypted passwords instead of MD5 encrypted passwords?
Probably because we don't have PAM support yet, and Debian GNU/Linux uses that to enable/disable MD5 passwords for chpasswd. I have tested MD5 passwords on the Hurd (I've copied a /etc/shadow entry from my GNU/Linux installation to my /etc/shadow on Debian GNU/Hurd and logged in). This works. libshouldbeinlibc wasn't written to support this (I assume because of the crypt prototype there), but it supports it because of the way glibc works. libshouldbeinlibc (in reality idvec-verify.c) doesn't have anything to do with the generation of passwords, that's all crypt()'s doing. And crypt(), as you say, does support both MD5 and old crypt passwords (it uses a salt to figure out which one to use, see libc documentation for details). I wonder if no one knew it works (some people claimed it didn't work and because of that I had a look) or if it wasn't enabled because I'm stupid and don't understand Debian. It wasn't enabled because there is no "sane" way of enabling it right now; you could try to port PAM to GNU/Hurd (the correct way of fixing this), or hack chpasswd to use MD5 passwords as default (the wrong way, and it would probably violate some standard out there).
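The salt-based selection mentioned above, as an added example that is not part of the original answer: a small C audit helper that reads the password field of an /etc/shadow line and reports which scheme crypt() would pick from it. The function names are hypothetical and the sample entries are constructed; the `$1$` prefix for MD5 and the 13-character form for traditional DES follow glibc's crypt() conventions.

```c
/* Added example: classify a shadow password field by its salt prefix. */
#include <stdio.h>
#include <string.h>

enum scheme { SCHEME_INVALID, SCHEME_EMPTY, SCHEME_LOCKED, SCHEME_DES, SCHEME_MD5, SCHEME_OTHER_MODULAR };

static const char B64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Classify a bare hash string (second field of a shadow entry). */
enum scheme classify_hash(const char *h)
{
    if (h[0] == '\0') return SCHEME_EMPTY;                  /* no password set */
    if (h[0] == '!' || h[0] == '*') return SCHEME_LOCKED;   /* login disabled */
    if (h[0] == '$') {
        /* "$id$salt$hash": id "1" selects MD5 in glibc's crypt() */
        if (strncmp(h, "$1$", 3) == 0 && strchr(h + 3, '$') != NULL) return SCHEME_MD5;
        return SCHEME_OTHER_MODULAR;
    }
    /* old crypt: 2 salt chars + 11 hash chars, all from the crypt alphabet */
    if (strlen(h) == 13 && strspn(h, B64) == 13) return SCHEME_DES;
    return SCHEME_INVALID;
}

/* Extract field 2 of "name:hash:..." and classify it. */
enum scheme classify_shadow_line(const char *line)
{
    char field[256];
    const char *start = strchr(line, ':');
    if (!start) return SCHEME_INVALID;
    start++;
    size_t len = strcspn(start, ":\n");
    if (len >= sizeof field) return SCHEME_INVALID;
    memcpy(field, start, len);
    field[len] = '\0';
    return classify_hash(field);
}

int main(void)
{
    static const char *names[] = {"invalid", "empty", "locked", "DES", "MD5", "other $id$"};
    const char *samples[] = { /* constructed entries, not real hashes */
        "alice:abCDEFGHIJKLM:12000:0:99999:7:::",
        "bob:$1$saltsalt$AAAAAAAAAAAAAAAAAAAAAA:12000:0:99999:7:::",
        "daemon:*:12000:0:99999:7:::",
    };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%s -> %s\n", samples[i], names[classify_shadow_line(samples[i])]);
    return 0;
}
```

Run over a copy of /etc/shadow, entries reported as DES are the ones still using the old crypt format.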

