Blowfish support in Debian Etch
by Artur on Nov.06, 2008, under Security
A quick how to about enabling blowfish password encryption in Debian.
Why you shouldn’t use md5 passwords (default in Etch)
To enable blowfish support, you have to install libpam-unix2 and libpam-passwdqc packages.
user@computer:$ apt-get install libpam-unix2 libpam-passwdqc
Package libpam-passwdqc is used to enable password checks when changing passwords.
Next you have to replace all references of pam_unix.so with pam_unix2.so in all files under /etc/pam.d
You can use perl one liner to do that:
user@computer:$ perl -pi -w -e 's/pam_unix.so/pam_unix2.so/g;' /etc/pam.d/*
Now edit /etc/pam.d/common-password and change:
password required pam_unix2.so nullok obscure md5
to
password required pam_unix2.so nullok obscure blowfish
You have to change all passwords to be saved using blowfish. You do not have to restart your server afterwards.
