I frequently tout Christophe Devine’s XySSL library because it implements commonly-used cryptographic primitives in a concise, low-dependency package. I’ve used XySSL as the crypto libraries in many of my research projects.
A while ago the XySSL website disappeared and I became despondent. However, I have recently learned that the same great code is back as part of PolarSSL, at
polarssl.org. Check it out!
I recently discovered by surprise that the entries in /etc/shadow changed format in Ubuntu 8.10. It took some searching to track down what has changed and why, so I summarize my findings here.
The hash algorithm has changed to sha512, which is indicated by the $6$.
In the file /etc/pam.d/common-password, there was a line like so:
password [success=1 default=ignore] pam_unix.so obscure sha512
Changing it to:
password [success=1 default=ignore] pam_unix.so obscure md5
causes newly updated passwords to assume the old $1$ format. Don’t do this without a good reason as sha512 is definitely the better algorithm, but at least now the change makes sense.