Thanks for reporting this issue. We switched from md5 to sha512 in Lucid [1], so we haven't used md5crypt for password hashing in the main distro for a long time.
For compatibility reasons, and for access to legacy data, we will not remove md5crypt functionality. If you know of any particular package that actively uses md5crypt by default in the Ubuntu archive, please file a bug against that specific package. Thanks. [1] - https://wiki.ubuntu.com/Security/Features ** Visibility changed to: Public ** Changed in: ubuntu Status: New => Won't Fix ** Changed in: ubuntu Status: Won't Fix => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1010902 Title: CVE-2012-3287: md5crypt is no longer considered safe To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/1010902/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
