Digital Consumption

 Charles Darke | 8 March 2008
Firstly need to install libpam-unix2:

aptitude install libpam-unix2

Replace the occurrences of with

sed -i 's/' /etc/pam.d/*

In /etc/pam.d/common-password, change md5 to blowfish.

sed -i 's/md5/blowfish/g' /etc/pam.d/*

New or changed passwords will now be encrypted with Blowfish.

If you want to check if everything worked, look at /etc/shadow and see what the hash looks like:
  • starts with alphanumeric characters and is 13 characters long - password is encrypted with DES
  • starts with $1$ - password is hashed with MD5
  • starts with $2$ - password is encrypted with blowfish

Comments (2)

The nullok_secure option was added to support passwordless pam_unix logins only from ttys listed in /etc/securetty. It was added because nullok was not considered an appropriate option to configure for all services, but there was a need to support passwordless root logins on tty2 on newly installed Debian systems when base-config has not yet been run to configure a root password.

nullok_secure was/is a Debian-specific patch and has not yet been implemented in
  Written by Charles Darke at 1:45am, 25 May 2008.
See also issue with gnome-screensaver:

Hopefully, now fixed in unstable.
  Written by Charles Darke at 1:53am, 25 May 2008.