Use SHA-2 by default instead of MD5 for password encrypting

William Immendorf will.immendorf at
Tue Dec 28 22:44:19 PST 2010

On Wed, Dec 29, 2010 at 12:25 AM, Bruce Dubbs <bruce.dubbs at> wrote:
> You are probably right about shadow, but the main reason for the
> checksums for package downloads is to provide data integrity, not
> security.  The better way for ensuring a package has not been
> intentionally modified is to use digital signatures.
If you just want to use MD5 for just checking to see if a package
isn't corrupted or modified, then I'm fine with that use. For the
others, I would use SHA-2.
> Although PAM is in BLFS, I'm not aware of any changes to that package
> that would be needed to utilize a different login encryption method.
> For changing a password, I think that PAM uses whatever method currently
> is in use.   Let me add a caveat though.  I haven't used PAM in several
> years.  I think it just gets in the way.
Well, I think it uses whatever encryption option specified as an
argument to But, then again, the configuration that BLFS
uses is already using SHA-512 encryption.

The only thing left is to change the sed in the LFS book, and that's it.

William Immendorf
The ultimate in free computing.
Messages in plain text, please, no HTML.
GPG key ID: 1697BE98
If it's not signed, it's not from me.


"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

More information about the lfs-dev mailing list
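
Added example, not part of the original message or of the LFS/BLFS books: changing the default hashing method only affects passwords set afterwards, so entries already in the shadow file keep their old hash until the password is changed. The sketch below classifies shadow-format entries by their crypt(3) prefix (`$1$` MD5, `$5$` SHA-256, `$6$` SHA-512) and reads the default from login.defs-format input. It assumes shadow's `ENCRYPT_METHOD` key; the function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which crypt(3) scheme each shadow-format entry uses.
# All sample data below is constructed; the hashes are not real.

SAMPLE_SHADOW='root:$6$c0nstructed$AAAA:14971:0:99999:7:::
alice:$1$c0nstructed$BBBB:14900:0:99999:7:::
bob:!$1$c0nstructed$CCCC:14900:0:99999:7:::
daemon:*:14900:0:99999:7:::
carol:$5$c0nstructed$DDDD:14971:0:99999:7:::'

SAMPLE_LOGIN_DEFS='# constructed login.defs fragment
#ENCRYPT_METHOD DES
ENCRYPT_METHOD SHA512'

# Classify one password field by its crypt(3) prefix.
scheme_of() {
    h=$1
    [ -n "$h" ] || { echo empty; return; }      # no password set at all
    # A leading "!" marks a locked password; the hash behind it still counts.
    while :; do
        case "$h" in '!'*) h=${h#'!'} ;; *) break ;; esac
    done
    case "$h" in
        ''|'*'*) echo locked ;;                 # no usable hash stored
        '$1$'*)  echo md5 ;;
        '$5$'*)  echo sha256 ;;
        '$6$'*)  echo sha512 ;;
        *)       echo other ;;                  # e.g. traditional DES crypt
    esac
}

# Read shadow-format lines on stdin, print "user scheme" per entry.
audit_shadow() {
    while IFS=: read -r user field rest; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(scheme_of "$field")"
    done
}

# Accounts whose stored hash is still MD5-crypt.
md5_accounts() { audit_shadow | awk '$2 == "md5" { print $1 }'; }

# Last uncommented ENCRYPT_METHOD in login.defs-format input, or "unset".
configured_method() {
    awk '$1 == "ENCRYPT_METHOD" { m = $2 } END { print (m == "" ? "unset" : m) }'
}

printf 'default for new passwords: %s\n' "$(printf '%s\n' "$SAMPLE_LOGIN_DEFS" | configured_method)"
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

On a live system the same functions can be run as root with `md5_accounts < /etc/shadow` and `configured_method < /etc/login.defs`; accounts listed by the first need a password change before they pick up the new default.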