MD5 and SHA512

A client was concerned that their password hash was MD5. A check of the /etc/shadow file showed: user:$6$UAxaIY9I$hAkj …   The first field annotated by a ‘$’ (: is the delimiter) is 6 = SHA256 (1 = MD5) And /etc/pam.d/common-password specifies it: ​ password        [success=1 default=ignore] obscure use_authtok try_first_pass[…]

FIPS 140-2 Testing

A client specified external testing of a Debian distro with another distro’s FIPS module compiled in. This was pretty interesting. We tested to make sure SSH1 doesn’t work at all and SSH2 does with the following cyphers: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, 3des-cbc, aes192-cbc, aes256-cbc, and the following keys: RSA, ECDSA, DSA