On Sun, Jan 19, 2020 at 11:45:07AM +1000, Dr Paul Dale wrote:
> I meant “what default makes the most sense for the passwd command line
> application?”
> It was crypt which is deprecated. Should it be BSD’s MD5? One of the SHA2
> based algorithms? Or should it produce an error if no algorithm is selected?
I would actually like to go for something modern in that case, like argon2
(argon2id). We have an open issue (https://github.com/openssl/openssl/issues/4091)
and pull request (https://github.com/openssl/openssl/pull/9444) for argon2.

PHP seems to have made a format for it that's compatible with crypt():
https://wiki.php.net/rfc/argon2_password_hash_enhancements

But the argon2 RFC hasn't been published yet, so I think that might need to
wait.

The only things that we support currently that make sense as a default are -5
(sha256) and -6 (sha512). I suggest you go with -6.


Kurt
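For readers who want to see what the -5 and -6 settings recommended above actually compute, here is an added, stand-alone implementation of the SHA-crypt format ($5$ = SHA-256, $6$ = SHA-512) in pure Python. It is not OpenSSL's code and not part of the thread; it follows Ulrich Drepper's "Unix crypt using SHA-256 and SHA-512" specification and its reference C implementation (the byte-permutation tables and the "Hello world!" / "saltstring" test vectors are taken from that document). The function names `sha_crypt`, `make_hash`, `parse_setting` and `verify` are this example's own. It shows the parts a practitioner usually gets wrong when interoperating with `openssl passwd -6` output: the 16-character salt limit, the optional `rounds=N$` field and its 1000..999999999 clamp, the crypt-style base64 alphabet with its non-obvious output byte order, and constant-time comparison on verification.

```python
"""SHA-crypt ($5$ SHA-256, $6$ SHA-512), the format written by `openssl passwd -5` / `-6`.
Added example following Drepper's SHA-crypt specification; not OpenSSL's code."""
import hashlib
import hmac
import secrets
from typing import Optional

B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MIN_ROUNDS, MAX_ROUNDS, DEFAULT_ROUNDS = 1000, 999_999_999, 5000
SALT_MAX = 16                       # the format never uses more than 16 salt characters
_HASH = {"5": hashlib.sha256, "6": hashlib.sha512}

# Output byte order of the final digest, copied from the reference implementation.
# Each triple feeds one 24-bit group (4 chars); the last group is partial (3 or 2 chars).
_PERM = {
    "5": ([(0, 10, 20), (21, 1, 11), (12, 22, 2), (3, 13, 23), (24, 4, 14),
           (15, 25, 5), (6, 16, 26), (27, 7, 17), (18, 28, 8), (9, 19, 29)],
          (None, 31, 30), 3),
    "6": ([(0, 21, 42), (22, 43, 1), (44, 2, 23), (3, 24, 45), (25, 46, 4),
           (47, 5, 26), (6, 27, 48), (28, 49, 7), (50, 8, 29), (9, 30, 51),
           (31, 52, 10), (53, 11, 32), (12, 33, 54), (34, 55, 13), (56, 14, 35),
           (15, 36, 57), (37, 58, 16), (59, 17, 38), (18, 39, 60), (40, 61, 19),
           (62, 20, 41)],
          (None, None, 63), 2),
}

def _b64_24bit(b2: int, b1: int, b0: int, n: int) -> str:
    """crypt-style base64: n six-bit groups of the 24-bit word, low bits first."""
    w = (b2 << 16) | (b1 << 8) | b0
    out = []
    for _ in range(n):
        out.append(B64[w & 0x3F])
        w >>= 6
    return "".join(out)

def _encode(digest: bytes, ident: str) -> str:
    triples, tail, tail_n = _PERM[ident]
    s = "".join(_b64_24bit(digest[a], digest[b], digest[c], 4) for a, b, c in triples)
    return s + _b64_24bit(*(0 if i is None else digest[i] for i in tail), tail_n)

def _repeat_to(block: bytes, length: int) -> bytes:
    """Whole copies of block followed by a prefix, totalling exactly `length` bytes."""
    full, rem = divmod(length, len(block))
    return block * full + block[:rem]

def sha_crypt(password: str, salt: str, ident: str = "6", rounds: Optional[int] = None) -> str:
    """Return '$<ident>$[rounds=N$]<salt>$<hash>' for the given password and salt."""
    if ident not in _HASH:
        raise ValueError("ident must be '5' (SHA-256) or '6' (SHA-512)")
    if "$" in salt:
        raise ValueError("salt must not contain '$'")
    salt = salt[:SALT_MAX]
    custom = rounds is not None       # rounds=N$ is emitted only when the caller asked for it
    n = DEFAULT_ROUNDS if rounds is None else max(MIN_ROUNDS, min(MAX_ROUNDS, rounds))
    H = _HASH[ident]
    pw, sb = password.encode("utf-8"), salt.encode("utf-8")

    B = H(pw + sb + pw).digest()
    A = H(pw + sb + _repeat_to(B, len(pw)))
    cnt = len(pw)
    while cnt > 0:                    # one update per bit of len(pw): B for 1, password for 0
        A.update(B if cnt & 1 else pw)
        cnt >>= 1
    A = A.digest()
    P = _repeat_to(H(pw * len(pw)).digest(), len(pw))
    S = _repeat_to(H(sb * (16 + A[0])).digest(), len(sb))

    C = A
    for i in range(n):                # the cost loop: 5000 rounds unless rounds= says otherwise
        h = H(P if i & 1 else C)
        if i % 3:
            h.update(S)
        if i % 7:
            h.update(P)
        h.update(C if i & 1 else P)
        C = h.digest()

    prefix = f"${ident}$" + (f"rounds={n}$" if custom else "")
    return prefix + salt + "$" + _encode(C, ident)

def parse_setting(hashed: str):
    """Split '$6$[rounds=N$]salt$hash' into (ident, rounds or None, salt, hash)."""
    parts = hashed.split("$")
    if len(parts) < 4 or parts[0] != "" or parts[1] not in _HASH:
        raise ValueError("not a SHA-crypt string")
    ident, rounds, i = parts[1], None, 2
    if parts[i].startswith("rounds="):
        rounds, i = int(parts[i][len("rounds="):]), i + 1
    if len(parts) != i + 2:
        raise ValueError("not a SHA-crypt string")
    return ident, rounds, parts[i], parts[i + 1]

def make_hash(password: str, ident: str = "6", rounds: Optional[int] = None) -> str:
    """Hash with a fresh random 16-character salt, as `openssl passwd -6` does."""
    salt = "".join(secrets.choice(B64) for _ in range(SALT_MAX))
    return sha_crypt(password, salt, ident, rounds)

def verify(password: str, hashed: str) -> bool:
    """Recompute with the stored setting (ident, rounds, salt) and compare in constant time."""
    ident, rounds, salt, _ = parse_setting(hashed)
    return hmac.compare_digest(sha_crypt(password, salt, ident, rounds), hashed)
```

`make_hash("secret")` produces a string of the same shape as `openssl passwd -6 secret`, and `verify()` accepts either. Note that `verify()` re-hashes with whatever `rounds=` the stored string carries, so a stored value with a tiny round count is honoured rather than rejected; a deployment that wants a floor on cost should check the parsed round count against its own policy before calling `sha_crypt`.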