pam-configs/unix: Default to yescript rather than sha512. From a

theoretical security standpoint, it looks like yescript has similar security properties, assuming (as we typically do in the crypto protocol community) that sha256 is still reasonable. However, in terms of practical resistant to password cracking, particularly in terms of valuing space complexity as well as time complexity, yescript is superior, Closes: #978553
author: Sam Hartman <hartmans@debian.org> 2021-02-01 14:41:55 -0500
committer: Steve Langasek <steve.langasek@canonical.com> 2021-09-15 17:52:35 -0700
commit: b3488d8dc8602a1d761805402001273f7d278ec2 (patch)
tree: 94731d2bba0ee1e0084f132628a52b37d2af9c62
parent: 0a8caac47299c25dd02b6289e2a6e0743fd6e363 (diff)
download: pam-b3488d8dc8602a1d761805402001273f7d278ec2.tar.gz
pam-b3488d8dc8602a1d761805402001273f7d278ec2.tar.bz2
pam-b3488d8dc8602a1d761805402001273f7d278ec2.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/debian/pam-configs/unix b/debian/pam-configs/unix
index 6e896439..83c429bc 100644
--- a/debian/pam-configs/unix
+++ b/debian/pam-configs/unix
@@ -18,6 +18,6 @@ Session-Initial:
 	required	pam_unix.so
 Password-Type: Primary
 Password:
-	[success=end default=ignore]	pam_unix.so obscure use_authtok try_first_pass sha512
+	[success=end default=ignore]	pam_unix.so obscure use_authtok try_first_pass yescrypt
 Password-Initial:
-	[success=end default=ignore]	pam_unix.so obscure sha512
+	[success=end default=ignore]	pam_unix.so obscure yescrypt
author	Sam Hartman <hartmans@debian.org>	2021-02-01 14:41:55 -0500
committer	Steve Langasek <steve.langasek@canonical.com>	2021-09-15 17:52:35 -0700
commit	b3488d8dc8602a1d761805402001273f7d278ec2 (patch)
tree	94731d2bba0ee1e0084f132628a52b37d2af9c62
parent	0a8caac47299c25dd02b6289e2a6e0743fd6e363 (diff)
download	pam-b3488d8dc8602a1d761805402001273f7d278ec2.tar.gz pam-b3488d8dc8602a1d761805402001273f7d278ec2.tar.bz2 pam-b3488d8dc8602a1d761805402001273f7d278ec2.zip