On 7.3.2019 14.00, Kristijan Savic - ratiokontakt GmbH wrote:
>> You could configure default scheme as CRYPT. It covers these all. Otherwise
>> you need to make sure passwords have {SCHEME} prefix when it differs from
>> default or oddities occur. ---
> Thank you for the tip with CRYPT.
>
> Is there any explanation for this behaviour though?
>
> Why are BCRYPT hashes accepted when default_pass_scheme is set to
> SHA512-CRYPT
> and not vice versa? Is this normal?
>
Because SHA512-CRYPT is directly sent to crypt(3) but BLF-CRYPT and
CRYPT are ran thru something that checks if it starts with $2$ or not,
as linux does not actually support bcrypt in crypt(3).Aki
signature.asc
Description: OpenPGP digital signature
