Security Basics mailing list archives
Re: AW: SSH / Witch options are secure ??
From: Chris Ess <azarin () tokimi net>
Date: Sat, 16 Aug 2003 22:23:02 -0400 (EDT)
Are md5 stored passwords more secure than des ones?? Installing suse 8 from scratch enables des passwords per default. This means that I cant use md5 for ssh, doesn't it?
I'm not 100% sure. I've never tried switching password type on the same install. I imagine there's a way to do it, but you have to be cry careful. I've been told that MD5 encrypted passwords are more secure than standard unix crypt passwords. Historically, standard unix crypt (DES) passwords are limited to eight characters. Even if the password you provide with the passwd command is 20 characters long, only the first eight are honored. I believe that MD5 lacks such a limit... or that such a limit, if present, is greater than eight characters. If your system does not support MD5 passwords, then omit the '--with-md5-passwords' option to OpenSSH's ./configure script. Sincerely, Chris Ess System Administrator / CDTT (Certified Duct Tape Technician) --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- SSH / Witch options are secure ?? MatzeGuentert (Aug 15)
- Re: SSH / Witch options are secure ?? Chris Ess (Aug 16)
- AW: SSH / Witch options are secure ?? MatzeGuentert (Aug 16)
- Re: AW: SSH / Witch options are secure ?? Chris Ess (Aug 18)
- AW: SSH / Witch options are secure ?? MatzeGuentert (Aug 16)
- Re: SSH / Witch options are secure ?? Gabriel Orozco (Aug 16)
- <Possible follow-ups>
- RE: SSH / Witch options are secure ?? Adil Can (Aug 18)
- Re: SSH / Witch options are secure ?? Chris Ess (Aug 16)