Kurt Roeckx kurt at
Sun Jan 19 11:26:06 UTC 2020

On Sun, Jan 19, 2020 at 11:45:07AM +1000, Dr Paul Dale wrote:
> I meant “what default makes the most sense for the passwd command line application?”
> It was crypt which is deprecated.  Should it be BSD’s MD5?  One of the SHA2 based algorithms?  Or should it produce an error if no algorithm is selected?

I would actually like to go for something modern in that case,
like argon2 (argon2id). We have an open issue
( and pull request
( for argon2. PHP
seems to have made a format for it that's compatible with crypt():
But the argon2 RFC hasn't been published yet, so I think that
might need to wait.

The only thing that we support currently that makes sense as a
default is -5 (sha256) and -6 (sha512). I suggest you go with -6.
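
The schemes named in this thread can be told apart by their crypt()-style prefix when auditing stored password hashes. The following is an added example, not part of the original message and not OpenSSL code: `classify`, `audit` and `SAMPLES` are hypothetical names, the sample hashes are constructed placeholders, and the digest lengths (22, 43, 86 characters) are those of the md5crypt, sha256crypt and sha512crypt formats.

```python
import re

B64 = r"[./0-9A-Za-z]"  # alphabet used by crypt(3) salts and digests

# scheme id -> (name, digest length, matches the -5/-6 suggestion in the thread)
SCHEMES = {
    "1": ("md5crypt (BSD MD5)", 22, False),
    "5": ("sha256crypt (-5)", 43, True),
    "6": ("sha512crypt (-6)", 86, True),
}
MCF = re.compile(
    r"^\$(?P<id>1|5|6)\$(?:rounds=(?P<rounds>\d+)\$)?"
    rf"(?P<salt>{B64}{{1,16}})\$(?P<digest>{B64}+)$"
)
DES = re.compile(rf"^{B64}{{13}}$")  # traditional crypt: 2-char salt + 11-char digest


def classify(entry):
    """Return (scheme, acceptable, note) for one stored hash string."""
    if DES.match(entry):
        return ("traditional crypt (DES)", False, "deprecated")
    if entry.startswith("$argon2id$"):
        return ("argon2id", True, "crypt()-compatible argon2 format")
    m = MCF.match(entry)
    if not m:
        return ("unknown", False, "unparsed")
    name, length, ok = SCHEMES[m["id"]]
    if len(m["digest"]) != length:
        return (name, False, "malformed digest length")
    note = f"rounds={m['rounds']}" if m["rounds"] else "default rounds"
    return (name, ok, note)


def audit(entries):
    """Return the entries that are not sha256crypt, sha512crypt or argon2id."""
    return [e for e in entries if not classify(e)[1]]


# Constructed sample entries (placeholder salts and digests, not real hashes).
SAMPLES = [
    "ab" + "x" * 11,                              # traditional crypt
    "$1$saltsalt$" + "c" * 22,                    # md5crypt
    "$5$rounds=10000$saltsalt$" + "b" * 43,       # sha256crypt with explicit rounds
    "$6$saltsalt$" + "a" * 86,                    # sha512crypt
    "$6$saltsalt$" + "a" * 10,                    # truncated sha512crypt digest
]

if __name__ == "__main__":
    for entry in SAMPLES:
        print(classify(entry), entry[:24])
```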


More information about the openssl-project mailing list