to...@tuxteam.de wrote: > On Tue, Mar 13, 2018 at 05:25:18PM +0100, Sven Hartge wrote: >> Adam Weremczuk <ad...@matrixscience.com> wrote:
>>> I think it was me invoking "passwd" as root and aborting (ctrl+D) >>> without making any changes. Would that be enough to update the >>> shadow file? >> No. >> >> You can't reverse a hash and to generate a new hash the code needs >> the password for the user in plain. > Well, to be fair, the change to SHA-1 is because you can "reverse" MD5 > all too easily Yes, basically. > But I don't think your operating system is going to do that behind > your back ;-) It would be quite obvious when just starting "passwd" takes several days while it cracks your MD5 hash to replace it with a stronger one ;) But on that note: I wonder of one could create a PAM module which will do just that on successful login. Once you *know* you have the right password (and the PAM system has that knowledge including the plain text password the user entered) just rehash it and update /etc/shadow. This will gradually upgrade all hashes once a user uses an account. S° -- Sigmentation fault. Core dumped.