Wrong password encryption (openSUSE 11.0)?

Hi,

I installed openSUSE 11.0 on 5 machines (physical / virtual) with different types of setup configurations, but there’s one thing which seems to work wrong on all of these machines:

Although I’ve chosen MD5 encryption for passwords, the system ignores this setting and uses blowfish encryption only.

/etc/default/passwd:
CRYPT=md5
CRYPT_FILES=md5
BLOWFISH_CRYPT_FILES=10
CRYPT_YP=des

/etc/shadow:
test:Eahrk85ODPvlY:14062:0:99999:7:::

I didn’t know whether it’s blowfish or DES, but after trying to use GDM on a machine, I know that it’s blowfish because I can only login after changing the /etc/default/password settings to blowfish. It seems that GDM uses these values so get the right method?!

Is this a security problem? Am I doing something wrong?
Am I searching at the wrong places?

Thanks for all helpful information.

Best regards,
Thomas

There’re some views on my post but no reply to it.
I think that it’s not clear what I try to achieve. :slight_smile:

It would help me a lot if one (or some) of you could just
look in the /etc/shadow on your openSuSE 11.0 machine.
If you configured your system to use MD5 password encryption
and only see short passwords (blowfish) → please let me know!

Thanks!

Eahrk85ODPvlY is DES.
Blowfish ones ($2a$10$yM1cRna.S8gA2y/tkLuhZuca7mJYPF5kyKzx5KTt.z0WZNvf.ieCG) are much longer. MD5 is somewhere in between that and uses $1$ for identification.

Okay, thanks. So I mixed up with DES and Blowfish.

But nevertheless it’s not MD5 as I configured it.
I’m a bit confused with what I said about GDM earlier,
but in general the problem about the wrong encryption is definitely existing.