Submitted by jasongayson on Thu, 02/07/2013 - 20:44
The UI (all kinds of password-related modules in Webmin, Usermin and Virtualmin) is full of outdated references to MD5 password hashing.
All of those old references/modules need SHA512 as their new defaults.
(And yes, I am aware that SHA512 is the default in Virtualmin itself; I am speaking mainly of Webmin here)
Status:
Active
Comments
Submitted by jasongayson on Thu, 02/07/2013 - 20:44 Comment #1
Submitted by JamieCameron on Thu, 02/07/2013 - 21:46 Comment #2
Where specifically are you seeing references to MD5?
Submitted by jasongayson on Thu, 02/07/2013 - 22:03 Comment #3
Everywhere.
Grep the source for MD5 and you'll find it too. There are 2-3 old Webmin/Usermin modules that have options such as:
Hashing: [x] MD5 [ ] Blowfish (or whatever the other one was)
Submitted by JamieCameron on Sat, 02/09/2013 - 01:42 Comment #4
I checked, and all the references I could see to MD5 just included it as an option among various password hashing types..
Submitted by aitte on Sat, 02/09/2013 - 19:12 Comment #5
Try Usermin Configuration -> Usermin Module Configuration -> Change Passwords.
Probably other places like that. I jsut had a quick look to see what the fuss was about.
Submitted by JamieCameron on Sat, 02/09/2013 - 20:19 Comment #6
Thanks - I'll fix up that usermin module by allowing other hashing formats.