As Gentoo is migrating to sys-libs/libxcrypt, whould be nice to have an optional yescrypt support in pambase. Yescrypt is more resistant to offline password cracking than sha512 and it is supported by pam. https://www.openwall.com/yescrypt/
Created attachment 720108 [details] 0001-pambase.py-add-support-for-yescrypt-password-hashing.patch
Created attachment 720111 [details] 0001-sys-auth-pambase-add-support-for-yescrypt-password-h.patch
I agree that it makes sense but not earlier than I take a newer pam snapshot. Current situation with libxcrypt management via the cached autoconf variable is terrible.
https://github.com/gentoo/gentoo/commit/ea7b3eaad8c9da6119e093e41ab90fef0d06cd0d
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d7791ef9dc7cf4e5ffd8abe9e4120c386b98e0c commit 6d7791ef9dc7cf4e5ffd8abe9e4120c386b98e0c Author: Mikle Kolyada <zlogene@gentoo.org> AuthorDate: 2021-12-18 17:48:03 +0000 Commit: Mikle Kolyada <zlogene@gentoo.org> CommitDate: 2021-12-18 17:48:32 +0000 sys-auth/pambase: Version bump (v20211218) Closes: https://bugs.gentoo.org/799131 Package-Manager: Portage-3.0.28, Repoman-3.0.3 Signed-off-by: Mikle Kolyada <zlogene@gentoo.org> sys-auth/pambase/Manifest | 1 + sys-auth/pambase/pambase-20211218.ebuild | 111 +++++++++++++++++++++++++++++++ 2 files changed, 112 insertions(+)