<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 22 February 2015 at 22:48, Chris Murphy <span dir="ltr"><<a href="mailto:lists@colorremedies.com" target="_blank">lists@colorremedies.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I'm noticing that Fedora depends on the user passworld, plus a salt,<br>
and the glibc sha512-crypt.c default of 5000 rounds through SHA512, to<br>
create the hash found in /etc/shadow.<br>
<br></blockquote><div><br></div><div>The main issue that occurs when you change the 5000 rounds is running into mixed environments. You quickly find that while the password format has a format which allows for you to set the number of rounds.. a lot of places assume that 5000 is what is being used. You then have the "I can't login to X" where X is some addon to the Oracle/SAP/etc system and you can't do your vacation time. To deal with that is a larger issue than just the security team in that you need to say "We realize that the product change is going to affect usage in non-Fedora-only environment.</div><div><br></div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
OS X 10.10 has been out some months and hashcat doesn't have OS X<br>
10.10 support yet, and they distinguish between each major OS X<br>
version 10.4 through 10.9. Clearly Apple changes there hashing method<br>
between each OS X release.<br>
<div class="HOEnZb"><div class="h5"><br></div></div></blockquote><div><br></div><div>Sometimes they do.. sometimes they don't. The main issue is where the password is stored and the format it is stored in versus the method. [They used the same method for a couple but changed how it looked.] They can't change it too much because they have to deal with the fact that user X has a MacOS-X 10.9 and 10.10 box and may need to work in an environment where box A and B are using the same password.</div></div><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">Stephen J Smoogen.<br><br></div></div>
</div></div>