7 Mar
2019
7 Mar
'19
2:24 p.m.
On 7.3.2019 14.00, Kristijan Savic - ratiokontakt GmbH wrote:
You could configure default scheme as CRYPT. It covers these all. Otherwise you need to make sure passwords have {SCHEME} prefix when it differs from default or oddities occur. --- Thank you for the tip with CRYPT.
Is there any explanation for this behaviour though?
Why are BCRYPT hashes accepted when default_pass_scheme is set to SHA512-CRYPT and not vice versa? Is this normal?
Because SHA512-CRYPT is directly sent to crypt(3) but BLF-CRYPT and CRYPT are ran thru something that checks if it starts with $2$ or not, as linux does not actually support bcrypt in crypt(3).
Aki