
Comments (4)

beatquantum avatar beatquantum commented on May 30, 2024

My bad: Additional information.

A look at /etc/shadow suggests that the passwords are indeed hashed using yescrypt. So what is missing is the ability to set the yescrypt_cost_factor in /etc/login.defs.

root@REDACTED:/etc# grep -irl cost_factor
root@REDACTED:/etc#

from yescrypt.

solardiz avatar solardiz commented on May 30, 2024

> Of course it is there in common-password; but that is certainly not the place to set the cost_factor.

Why not? I think it is the primary place to set it, with rounds= to pam_unix.so. Does that not work for you? With typical ways to set/change a user password, which go via PAM, it should work.

As to login.defs, I don't know (haven't checked) whether or not Ubuntu has also updated to sufficiently recent shadow package to support yescrypt there (such version of shadow does exist, I just don't know whether it's in Ubuntu). Anyway, the password hashing specified/configured in there is normally only used by relatively obscure tools that bypass PAM: chpasswd and newusers (for users) and gpasswd and chgpasswd (for groups - an even more obscure feature).


beatquantum avatar beatquantum commented on May 30, 2024

Thanks. It seems the two concepts are somewhat different.

For SHA512 rounds=10000 would make SHA512 relatively more difficult to crack compared to rounds=5000 (default). More CPU cycles.

The YESCRYPT_COST_FACTOR=11 would make it logarithmically more difficult compared with =5. Longer salt(?) probably.

Doing a bit more research, it seems to appear as a bug in login.defs and its lack of consistency with common-password.

In sum, as of this morning the yescrypt implementation of Jammy needs a bugfix. I see that login.defs is already fixed in Debian Sid.

In Debian Sid, it is clear that rounds will be ignored for yescrypt, but the cost_factor will apply.


solardiz avatar solardiz commented on May 30, 2024

Yes, there's the linear vs. logarithmic difference in how the rounds setting is treated by sha512crypt vs. yescrypt. No, this has nothing to do with salt length.

However, regardless of this, on systems that use PAM (like Debian and Ubuntu do), you can use the rounds setting in common-password to adjust yescrypt cost factor. The settings in login.defs are relatively less important (are rarely used).

And yes, if login.defs comments have not yet been updated for yescrypt, that's something to fix. It makes me wonder, though, whether the shadow package itself has been updated to include yescrypt support or possibly not yet - which would make no difference for most usage, as I explained above.

I'll close this issue now as there's nothing for us to do on it - the yescrypt documentation is correct in claiming yescrypt is default on Ubuntu 22.04.

There may be something for Ubuntu to do - please feel free to open an issue with them. Thank you!

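As an added example (not code from this thread or from the yescrypt project), here is a small audit script that shows which knob actually applied to each account: it decodes the yescrypt parameter field (`$y$j9T$...`) with yescrypt's own variable-length integer encoding and maps N and r back to the 1..11 cost factor, and for sha512crypt it reads the linear `rounds=` value. The cost-factor mapping assumes libxcrypt's gensalt convention (r=32, N=2^(cost+7) for cost 3..11; r=8, N=2^(cost+9) for cost 1..2); the shadow lines are constructed samples.

```python
import re

# yescrypt's own base64 alphabet (same order as crypt(3)'s itoa64).
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def decode64_uint32(s, pos, minimum):
    """Decode one variable-length integer as yescrypt's encode64_uint32 writes it.
    Returns (value, position after the consumed characters)."""
    start, end, chars, bits = 0, 47, 1, 0
    c = ITOA64.index(s[pos]); pos += 1
    value = minimum
    while c > end:                      # each extra char widens the range
        value += (end + 1 - start) << bits
        start = end + 1
        end = start + (62 - end) // 2
        chars += 1
        bits += 6
    value += (c - start) << bits
    for _ in range(chars - 1):          # remaining 6-bit digits, most significant first
        c = ITOA64.index(s[pos]); pos += 1
        bits -= 6
        value += c << bits
    return value, pos


def yescrypt_params(hash_field):
    """Return (N_log2, r, cost_factor) for a '$y$...' hash, else None.
    cost_factor uses the assumed libxcrypt mapping: r=8 -> N_log2-9, r=32 -> N_log2-7."""
    m = re.match(r"\$y\$([./0-9A-Za-z]+)\$", hash_field)
    if not m:
        return None
    params = m.group(1)
    _flavor, pos = decode64_uint32(params, 0, 0)   # flags/flavor byte ('j' = RW defaults)
    n_log2, pos = decode64_uint32(params, pos, 1)  # encoded with min=1
    r, pos = decode64_uint32(params, pos, 1)       # encoded with min=1
    return n_log2, r, n_log2 - (9 if r == 8 else 7)


def audit_shadow(text):
    """Summarise each shadow line: algorithm and the cost setting actually in effect."""
    out = []
    for line in text.splitlines():
        if ":" not in line:
            continue
        user, pw = line.split(":")[:2]
        if pw.startswith("$y$"):
            n_log2, r, cost = yescrypt_params(pw)
            out.append((user, f"yescrypt N=2^{n_log2} r={r} (cost_factor {cost})"))
        elif pw.startswith("$6$"):
            m = re.match(r"\$6\$rounds=(\d+)\$", pw)
            out.append((user, f"sha512crypt rounds={m.group(1) if m else 5000}"))
        elif pw.startswith(("*", "!")):
            out.append((user, "locked or no password"))
        else:
            out.append((user, "other/unknown hash"))
    return out
```

Run it over `/etc/shadow` after changing a test user's password: an entry still reporting cost_factor 5 means the `rounds=` in common-password did not take effect for that path.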
