XySSL is now PolarSSL

I frequently tout Christophe Devine’s XySSL library because it implements commonly-used cryptographic primitives in a concise, low-dependency package. I’ve used XySSL as the crypto library in many of my research projects.

A while ago the XySSL website disappeared and I became despondent. However, I have recently learned that the same great code is back as part of PolarSSL, at polarssl.org. Check it out!


$1$ vs $6$ in /etc/shadow

I recently discovered by surprise that the entries in /etc/shadow changed format in Ubuntu 8.10. It took some searching to track down what has changed and why, so I summarize my findings here.

The hash algorithm has changed to SHA-512, which is indicated by the $6$ prefix.

In the file /etc/pam.d/common-password, there was a line like so:

password [success=1 default=ignore] pam_unix.so obscure sha512

Changing it to:

password [success=1 default=ignore] pam_unix.so obscure md5

causes newly updated passwords to use the old $1$ format. Don’t do this without a good reason, as SHA-512 is definitely the better algorithm, but at least now the change makes sense.
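
Because the PAM setting only affects passwords set after the change, a system can carry a mix of $1$ and $6$ entries. The following is an added example, not part of the original post: a small audit that reads shadow-format lines and reports which scheme each account uses. It goes slightly beyond the two prefixes discussed above by also recognising $5$ (SHA-256) and locked or password-less entries. The function names and the sample data are constructed for illustration.

```python
# Added example: audit which crypt(3) scheme each /etc/shadow entry uses.
SCHEMES = {"1": "md5", "5": "sha256", "6": "sha512"}  # crypt(3) ids
WEAK = {"md5", "des-or-unknown"}

def classify(field):
    """Return (state, scheme) for the second field of a shadow line."""
    if field == "":
        return ("empty", None)          # no password required
    locked = field.startswith("!")      # '!' prefix marks a locked password
    body = field.lstrip("!")
    if not body.startswith("$"):
        # '*', a bare '!' or 'x' carry no usable hash at all
        if body in ("", "*", "x"):
            return ("no-login", None)
        # anything else without a $id$ prefix is a legacy or unknown format
        return ("locked" if locked else "active", "des-or-unknown")
    parts = body.split("$")             # ['', id, salt (or rounds=N), ...]
    scheme = SCHEMES.get(parts[1], "other:" + parts[1])
    return ("locked" if locked else "active", scheme)

def audit(shadow_text):
    """Map user -> (state, scheme, weak?) for every well-formed line."""
    report = {}
    for line in shadow_text.splitlines():
        cols = line.split(":")
        if len(cols) < 2 or line.startswith("#"):
            continue
        state, scheme = classify(cols[1])
        report[cols[0]] = (state, scheme, scheme in WEAK)
    return report

# Constructed sample (salt and hash bodies are placeholders, not real hashes).
SAMPLE = """\
root:!:14200:0:99999:7:::
daemon:*:14200:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:14210:0:99999:7:::
bob:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:14100:0:99999:7:::
carol:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:14210:0:99999:7:::
"""

if __name__ == "__main__":
    for user, (state, scheme, weak) in audit(SAMPLE).items():
        flag = "  <-- old format, have the user set a new password" if weak else ""
        print(f"{user:8} {state:9} {scheme or '-':8}{flag}")
```

To run it against a live system, pass the contents of /etc/shadow (readable only by root) to audit() instead of SAMPLE.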