on AIX, it would be a simple:
chsec -f /etc/security/login.cfg -s usw -a pwd_algorithm=ssha512
Question: But how can we set the default password algorithm to sha512?
UPDATE: I think pwd_algorithm doesn't supports ssha512, but it would be better, yes.. tried it on a Linux Desktop:
[root@notebook ~]# john --test -format=ssha512
Will run 4 OpenMP threads
Benchmarking: SSHA512, LDAP [32/64 OpenSSL]... (4xOMP) DONE
Many salts: 3450K c/s real, 858307 c/s virtual
Only one salt: 2826K c/s real, 713696 c/s virtual
[root@notebook ~]#
[root@notebook ~]# john --test -format=bcrypt
Will run 4 OpenMP threads
Benchmarking: bcrypt ("$2a$05", 32 iterations) [Blowfish 32/64 X3]... (4xOMP) DONE
Raw: 1800 c/s real, 455 c/s virtual
[root@notebook ~]#
Does this mean ~1800 passwords per second with bcrypt and ~3 000 000 passwords per seconds with ssha512 on this Desktop? Slower is better.
Best Answer
Setup
ENCRYPT_METHOD SHA512
in file /etc/login.defsAlso pay attention to NOTE mentioned in the same file, just above the
ENCRYPT_METHOD
parameter, which saysSo additional modification along with
/etc/login.defs
is to modify/etc/pam.d/common-password
Here, obscure was handled by login.defs but now obsoluted by PAM