Arch Linux developers have announced a change in the default password scheme for the operating system. They are now using Sha512 on yescrypt, which expands the capabilities of the previous scrypt algorithm by allowing for schemes with larger RAM usage. This change reduces the effectiveness of attacks using GPU, FPGA, and specialized chips. YESCRYPT ensures safety through the use of proven cryptographic primitives such as SHA-256, HMAC, and PBKDF2. The settings of the parameter umask will now be stored in the configuration file /etc/login.defs instead of /etc/profile.
The disadvantages of the previously used password charts based on the SHA512 algorithm include the need for large Salt values, exposure to DOS attacks through the creation of a parasitic load on the CPU when processing long passwords, vulnerability to attacks that determine the password size based on the processing time of the hash, and working without a cryptographic function for key formation (KDF).
In addition, Arch Linux has released an update for its installer. Archinstall 2.6.1 can now be used as an alternative to the manual mode of installation. It offers dialogue and automated installation modes. In the dialogue mode, the installer prompts the user with questions covering basic settings and actions from the installation guidelines. In the automated mode, scripts can be used for deploying typical configurations. The installer also supports installation profiles for different purposes, such as “Desktop” for selecting a desktop environment and installing necessary packages, or “WebServer” and “Database” for installing web servers and DBMS.
The new version of Archinstall also includes several new features. Users now have the option to assign an arbitrary number of parallel downloads. The console display manager ly can be used instead of the default one, and Slick-Greeter is now supported in LightdM. The hyprland environment profile has also been updated with new additions.