On Mon, Feb 02, 2015 at 10:33:24AM +0900, 김혜진 wrote: > Hello. I share a patch of su command. > > > ---------- Forwarded message ---------- > From: 김혜진 <[email protected]> > Date: 2015-01-29 21:35 GMT+09:00 > Subject: Re: su patch > To: Rob Landley <[email protected]> > > > Hi. Rob > > I Send you fixed patch. > > As I look at passwd and mkpasswd, default encryption method is "des". > Because useradd calls passwd with no option of encryption method, it make > "des" encrypted password. > It was the fact. > So, I changed the default encryption method to "md5". > But, su cannot check if 0 index of password is $, because user can choose > "des" at any time if they want. > > plz check my patch! > > And, If you have more time, plz review my questions regarding netcat.
md5 is not better and probably worse than des. You should be using bcrypt if the system supports it and otherwise sha256, sha512, or the enhanced des support some systems have. These could be tried as sequential fallbacks. Rich _______________________________________________ Toybox mailing list [email protected] http://lists.landley.net/listinfo.cgi/toybox-landley.net
