Hello!
This idea has been fluctuating in my head for quite a while given that the migration had happened a while ago [0] and some other major distributions have already adopted yescrypt as their default algo by now [1]. For us switching is as easy as changing the default use flag in pambase and rehashing the password with the ‘passwd’ call (a news item will be required). What do you think? P.S. surely, I am only speaking about the local auth method based on shadow and also about the pam-based systems as the change is going to mainly impact the pam_unix.so calls in the pam’s stack. Pamless or the systems with an alternative auth methods is a different story. [0] - https://www.gentoo.org/support/news-items/2021-10-18-libxcrypt-migration-stable.html [1] - https://fedoraproject.org/wiki/Changes/yescrypt_as_default_hashing_method_for_shadow
