diff --git a/appendices/dependencies.xml b/appendices/dependencies.xml
index 54b3d65e0..1d693e064 100644
--- a/appendices/dependencies.xml
+++ b/appendices/dependencies.xml
@@ -1892,7 +1892,7 @@
&dependencies;
Bash, Binutils, Coreutils, Diffutils, Gawk, GCC, Glibc, Grep,
- Make, and Sed
+ Make, Perl, and Sed
diff --git a/chapter08/libxcrypt.xml b/chapter08/libxcrypt.xml
index c65d7db29..3fb59941d 100644
--- a/chapter08/libxcrypt.xml
+++ b/chapter08/libxcrypt.xml
@@ -99,7 +99,7 @@
no package installed by compiling from sources would link against
them at runtime. However, the only known binary-only applications
that link against these functions require ABI version 1. If you must
- have such libraries because of some binary-only application or to be
+ have such functions because of some binary-only application or to be
to be compliant with LSB, build the package again with the following
commands:
diff --git a/chapter08/shadow.xml b/chapter08/shadow.xml
index 93d1f3f7e..0f34d70ac 100644
--- a/chapter08/shadow.xml
+++ b/chapter08/shadow.xml
@@ -60,11 +60,10 @@ find man -name Makefile.in -exec sed -i 's/getspnam\.3 / /' {} \;
find man -name Makefile.in -exec sed -i 's/passwd\.5 / /' {} \;
Instead of using the default
- crypt method, use the more secure
- SHA-512 method of password encryption, which also
- allows passwords longer than 8 characters. In addition, set the number of
- rounds to 500,000 instead of the default 5000, which is much too low to
- prevent brute force password attacks. It is also necessary to change
+ crypt method, use the much more secure
+ YESCRYPT method of password encryption, which also
+ allows passwords longer than 8 characters.
+ It is also necessary to change
the obsolete /var/spool/mail location
for user mailboxes that Shadow uses by default to the /var/mail location used currently. And,
@@ -81,10 +80,9 @@ find man -name Makefile.in -exec sed -i 's/passwd\.5 / /' {} \;
-sed -e 's:#ENCRYPT_METHOD DES:ENCRYPT_METHOD SHA512:' \
- -e 's@#\(SHA_CRYPT_..._ROUNDS 5000\)@\100@' \
- -e 's:/var/spool/mail:/var/mail:' \
- -e '/PATH=/{s@/sbin:@@;s@/bin:@@}' \
+sed -e 's:#ENCRYPT_METHOD DES:ENCRYPT_METHOD YESCRYPT:' \
+ -e 's:/var/spool/mail:/var/mail:' \
+ -e '/PATH=/{s@/sbin:@@;s@/bin:@@}' \
-i etc/login.defs
@@ -106,8 +104,9 @@ find man -name Makefile.in -exec sed -i 's/passwd\.5 / /' {} \;Prepare Shadow for compilation:
touch /usr/bin/passwd
-./configure --sysconfdir=/etc \
- --disable-static \
+./configure --sysconfdir=/etc \
+ --disable-static \
+ --with-{b,yes}crypt \
--with-group-name-max-length=32
@@ -122,6 +121,21 @@ find man -name Makefile.in -exec sed -i 's/passwd\.5 / /' {} \;
+
+
+ --with-{b,yes}crypt
+
+ The shell expands this to two switches,
+ --with-bcrypt and
+ --with-yescrypt. They allow shadow to use
+ the Bcrypt and Yescrypt algorithms implemented by
+ Libxcrypt for hashing passwords.
+ These algorithms are more secure (in particular, much more
+ resistant to GPU-based attacks) than the traditional SHA
+ algorithms.
+
+
+
--with-group-name-max-length=32
diff --git a/chapter10/kernel.xml b/chapter10/kernel.xml
index f38395347..949a3667d 100644
--- a/chapter10/kernel.xml
+++ b/chapter10/kernel.xml
@@ -166,7 +166,6 @@ General setup --->
< > Enable kernel headers through /sys/kernel/kheaders.tar.xz [CONFIG_IKHEADERS]
[*] Control Group support [CONFIG_CGROUPS] --->
[*] Memory controller [CONFIG_MEMCG]
- [ ] Enable deprecated sysfs features to support old userspace tools [CONFIG_SYSFS_DEPRECATED]
[ ] Configure standard kernel features (expert users) [CONFIG_EXPERT]
General architecture-dependent options --->
[*] Enable seccomp to safely compute untrusted bytecode [CONFIG_SECCOMP]
diff --git a/packages.ent b/packages.ent
index 8182c4e91..8c29d157e 100644
--- a/packages.ent
+++ b/packages.ent
@@ -432,7 +432,7 @@
-
+