Use SHA-2 by default instead of MD5 for password encrypting

Ilya Kaliman ilya.kaliman at
Wed Dec 29 10:27:18 PST 2010

Sorry, but you didn't. It was just a reference for those who need
strong password security. I am perfectly fine with MD5 or SHA*. We may
just add a note to the book for people who need stronger security.


On Wed, Dec 29, 2010 at 6:28 PM, William Immendorf
<will.immendorf at> wrote:
> On Wed, Dec 29, 2010 at 12:58 AM, Ilya Kaliman <ilya.kaliman at> wrote:
>> By the way here is a nice article about why general purpose hash
>> functions are bad for hashing passwords:
> I get the idea: You want use to use Blowfish for encrypting our
> passwords. However, this does require modifications to Glibc, Shadow,
> and even Sysvinit to support this path, and it requires a lot of
> effort to support this scheme, while with SHA-2, it's supported right
> out of the box and provides much more security than MD5.
> But if enough people have their heart set on Blowfish, we will be
> willing to use that. For now, we are going to use SHA-512.
> --
> William Immendorf
> The ultimate in free computing.
> Messages in plain text, please, no HTML.
> GPG key ID: 1697BE98
> If it's not signed, it's not from me.
> --------------
> "Every nonfree program has a lord, a master --
> and if you use the program, he is your master."  Richard Stallman
> --
> FAQ:
> Unsubscribe: See the above information page

More information about the lfs-dev mailing list