Shadow update

Olaf mailinglists at
Sat Oct 11 00:38:29 PDT 2008

Robert Connolly wrote:
> On Thursday October 9 2008 06:21:37 pm Bruce Dubbs wrote:
>> Should there be a mention of the possible use of SHA password encryption?
> Using MD5 or SHA can be kept simple by using all the default options for SHA, 
> and mentioning that there are more options in login.def. Many people probably 
> don't know SHA was added to Glibc.
When you mention the possibility for SHA, maybe it is a good idea to 
also the option to increase the number of SHA rounds.

 From login.def:
# Define the number of SHA rounds.
# With a lot of rounds, it is more difficult to brute forcing the password.
# But note also that it more CPU resources will be needed to authenticate
# users.
# If not specified, the libc will choose the default number of rounds 
# The values must be inside the 1000-999999999 range.
# If only one of the MIN or MAX values is set, then this value will be used.
# If MIN > MAX, the highest value will be used.

I do not have any numbers on the CPU resources needed when 
(dramatically) increasing SHA rounds.

DIY note for reference:


More information about the lfs-dev mailing list