[Pkg-shadow-devel] Bug#447747: Bug#447747: chpasswd default hash algorithm

Margarita Manterola margamanterola at gmail.com
Tue Oct 23 18:10:42 UTC 2007


On 10/23/07, Christian Perrier <bubulle at debian.org> wrote:
> Quoting Matias Soler (gnuler at gmail.com):
> > Package: passwd
> > Version: 1:
> > Severity: wishlist
> >
> > It would be desirable to default chpasswd hash algorithm to MD5 instead of
> > DES.
> Well, we might need a pretty strong rationale to consider a change
> that would break the "no surprise" principle.

Well, it depends on what the surprise is.  I find it quite surprising
that in 2007 using chpasswd in Debian leads to passwords being
truncated at 8 characters.  I thought this was OLD history.

> Changing the default behaviour of the utility would be likely to break
> existing setups that use chpasswd.

Would something really break?  The passwords would be as long as the
user actually typed them, but only after changing the password, and
only if you used a longer-than-8-characters-long password but then
typed the first 8 characters.

What real scenario is there for something breaking?

> So, really, my first reaction is being non invasive and mark this bug
> as "wontfix".

How long should we keep using an obsolete default, just because
"that's how it used to be done"?
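
Added example, not part of the original message or of the shadow package: a short Python audit that finds accounts still stored with traditional DES crypt and shows why their passwords are effectively cut at 8 characters. The function names and the sample shadow lines are assumptions constructed for illustration; the hash strings are placeholders, not real crypt output.

```python
import re

# Traditional DES crypt output: 2 salt + 11 hash characters from [./0-9A-Za-z].
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
PREFIXES = {"$1$": "md5", "$5$": "sha256", "$6$": "sha512"}

def classify(hash_field):
    """Name the hashing scheme of the password field of a shadow(5) line."""
    if hash_field == "":
        return "empty"
    field = hash_field.lstrip("!")          # a leading "!" only marks a locked password
    if field in ("", "*"):
        return "locked"
    for prefix, name in PREFIXES.items():
        if field.startswith(prefix):
            return name
    return "des" if DES_RE.match(field) else "unknown"

def des_effective_key(password):
    """Bytes DES crypt keys on: the low 7 bits of the first 8 bytes, nothing more."""
    raw = password.encode("utf-8")[:8]
    return bytes(b & 0x7F for b in raw).ljust(8, b"\0")

def audit(shadow_text):
    """Return the accounts whose stored hash is traditional DES crypt."""
    flagged = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2 and classify(parts[1]) == "des":
            flagged.append(parts[0])
    return flagged

# Constructed sample; the hash strings are placeholders, not real crypt output.
SAMPLE_SHADOW = """\
root:$6$CONSTRUCTED$AAAAAAAAAAAAAAAAAAAAAA:13809:0:99999:7:::
alice:abCONSTRUCTED:13809:0:99999:7:::
bob:$1$CONSTRUC$AAAAAAAAAAAAAAAAAAAAAA:13809:0:99999:7:::
carol:!xyCONSTRUCTED:13809:0:99999:7:::
daemon:*:13809:0:99999:7:::
"""

if __name__ == "__main__":
    print("DES-hashed accounts:", audit(SAMPLE_SHADOW))
    print(des_effective_key("correcthorse") == des_effective_key("correcth-other"))
```

Accounts flagged here keep their truncated hash until the password is next changed with a stronger scheme selected.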


