Moving from MD5 to Blowfish on Debian/Ubuntu
By default, Debian & Ubuntu use MD5 to hash your passwords. While this is relatively secure, using Blowfish instead is (much?) better.
As I’m not a cryptographer, I have no idea how much better it is. But switching is incredibly easy, and there are no downsides, AFAIK. Follow along…
First, you need to install libpam-unix2, the pam module which uses Blowfish. This is only an apt-get away…
Next, replace ‘pam_unix.so’ by ‘pam_unix2.so’ in /etc/pam.d/common-auth, /etc/pam.d/common-account, /etc/pam.d/common-session & /etc/pam.d/common-password.
In /etc/pam.d/common-password, you also need to change ‘md5′ to ‘blowfish’.
And while you’re at it, change ‘max=8′ (still in /etc/pam.d/common-password) to something higher, like ‘max=20′. It is my understanding that this limits the max size of your password. While you can still use a password longer than 8 chars, it’ll just ignore everything after the 8th char.
Those are all the changes you need to make your system start using Blowfish. You will need to create Blowfish hashes though (obviously), so the changes only apply to newly created accounts or when you change (or re-set) your password (using ‘passwd’).
I have only basic knowledge of pam, so some of these modifications may be redundant. Or there might be an even easier way to change it - I don’t know, but these changes will most certainly make it work.
