These are archived pages, most of them date back to 2007-2012. This content might not be relevant or accurate anymore.

Hashing passwords with Blowfish

These instructions apply to Debian but should be similar on other distributions.

First, install a PAM module capable of Blowfish hashing, libpam-unix2:

apt-get install libpam-unix2

Then change the PAM configuration in /etc/pam.d:

  • in /etc/pam.d/common-account change:
      account required
    to:
      account required

  • in /etc/pam.d/common-auth change:
      auth required nullok_secure
    to:
      auth    required nullok

  • in /etc/pam.d/common-password change:
      password required nullok obscure min=4 max=8 md5
    to:
      password   required nullok obscure min=4 max=8 blowfish

  • in /etc/pam.d/common-session change:
      session required
    to:
      session required

⚠️ This is a basic configuration. If you have a custom configuration (e.g. for a fingerprint reader or some servers), don’t forget to change it accordingly.

From now on, passwords will be hashed with Blowfish. Run passwd to rehash your password. Existing passwords are still valid.
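
Because existing hashes stay valid until each user runs passwd, it is useful to see which accounts still carry an old hash and which have an empty password field. The following is an added example, not part of the original page: shell functions that classify entries of a shadow(5)-format file by their crypt prefix. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# classify_shadow FILE: print "user scheme" per entry of a shadow(5)-format file.
classify_shadow() {
    awk -F: '
    {
        hash = $2
        if (hash == "") { print $1, "empty"; next }   # empty field: accepted when auth uses nullok
        sub(/^!+/, "", hash)                          # passwd -l prefixes the hash with "!"
        if (hash == "" || hash == "*") scheme = "locked"
        else if (hash ~ /^\$2[abxy]?\$/) scheme = "blowfish"
        else if (hash ~ /^\$1\$/)        scheme = "md5"
        else if (hash ~ /^\$5\$/)        scheme = "sha256"
        else if (hash ~ /^\$6\$/)        scheme = "sha512"
        else if (hash ~ /^\$/)           scheme = "other"
        else                             scheme = "des"   # traditional crypt: no "$" prefix
        print $1, scheme
    }' "$1"
}

# needs_rehash FILE: users still on md5/des, i.e. who have not run passwd yet.
needs_rehash() {
    classify_shadow "$1" | awk '$2 == "md5" || $2 == "des" { print $1 }'
}

# empty_passwords FILE: users with an empty password field.
empty_passwords() {
    classify_shadow "$1" | awk '$2 == "empty" { print $1 }'
}

# Constructed sample entries (placeholder hashes, not real ones).
sample=$(mktemp)
cat > "$sample" <<'EOF'
alice:$1$CONSTRUC$TEDmd5placeholderhash0:15000:0:99999:7:::
bob:$2a$10$CONSTRUCTEDblowfishPLACEHOLDERhashVALUExxxxxxxxxxxxxxx:15000:0:99999:7:::
carol:!$1$CONSTRUC$TEDlockedmd5placehold:15000:0:99999:7:::
dave::15000:0:99999:7:::
daemon:*:15000:0:99999:7:::
EOF

classify_shadow "$sample"
echo "still to rehash: $(needs_rehash "$sample" | tr '\n' ' ')"
echo "empty password:  $(empty_passwords "$sample" | tr '\n' ' ')"
rm -f "$sample"
```

On a real system, run the functions as root against /etc/shadow instead of the sample file.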

