Hello!

 

This idea has been fluctuating in my head for quite a while given that the 
migration had happened

a while ago [0] and some other major distributions have already adopted 
yescrypt as their default algo

by now [1]. For us switching is as easy as changing the default use flag in 
pambase and rehashing the password

with the ‘passwd’ call (a news item will be required).

 

What do you think?

 

P.S. surely, I am only speaking about the local auth method based on shadow and 
also about the pam-based systems as the change is going

to mainly impact the pam_unix.so calls in the pam’s stack.

Pamless or the systems with an alternative auth methods is a different story.

 

[0] - 
https://www.gentoo.org/support/news-items/2021-10-18-libxcrypt-migration-stable.html

[1] - 
https://fedoraproject.org/wiki/Changes/yescrypt_as_default_hashing_method_for_shadow

Reply via email to