Message-ID: <53177312.1090205@pengutronix.de>
Date: Wed, 05 Mar 2014 19:55:14 +0100
From: Marc Kleine-Budde
To: ptxdist@pengutronix.de, Matthias Klein
Subject: Re: [ptxdist] Busybox password hashing algorithm
List-Id: PTXdist Development Mailing List

On 03/05/2014 07:47 PM, Matthias Klein wrote:
> Hello,
>
> our ptxdist 2014.01.0 based product got an external security audit.
> They complained that our passwords in the shadow file are hashed with
> the outdated crypt(3) algorithm.
> Her advice is to use bcrypt, PBKDF2 or scrypt.
>
> We are using busybox for passwd etc.
>
> Is this a busybox limitation? Or can we change the hashing algorithm in
> busybox?
> Or do we need to replace busybox' passwd etc. with something better?

Have a look at the BUSYBOX_USE_BB_CRYPT and BUSYBOX_USE_BB_CRYPT_SHA
options.

Marc

-- 
Pengutronix e.K.                  | Marc Kleine-Budde           |
Industrial Linux Solutions        | Phone: +49-231-2826-924     |
Vertretung West/Dortmund          | Fax:   +49-5121-206917-5555 |
Amtsgericht Hildesheim, HRA 2686  | http://www.pengutronix.de   |
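
Added example, not part of the original message or of ptxdist/busybox: a small check that reads a target's shadow file and reports which crypt(3) scheme each entry uses, so the effect of changing the options named above can be verified on the built root filesystem. The `ACCEPTED` policy set, the function names and the sample entries are assumptions constructed for illustration.

```python
import re

# crypt(3) modular-format identifiers ($id$...) and the scheme each one selects.
SCHEMES = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256-crypt", "6": "sha512-crypt", "7": "scrypt", "y": "yescrypt"}
# Assumption: local policy. Replace with the set your auditor accepts.
ACCEPTED = {"bcrypt", "scrypt", "yescrypt", "sha256-crypt", "sha512-crypt"}
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")  # traditional DES crypt: 13 chars, no '$'

def classify(field):
    """Name the scheme used by the password field of one shadow entry."""
    if field == "":
        return "empty-password"
    hashed = field.lstrip("!")  # '!' locks the account but the old hash may remain
    if hashed in ("", "*"):
        return "no-login"
    if hashed.startswith("$"):
        ident = hashed.split("$")[1]
        return SCHEMES.get(ident, "unknown-id:" + ident)
    if DES_RE.fullmatch(hashed):
        return "des-crypt"
    if hashed.startswith("_"):
        return "bsdi-des-crypt"
    return "unrecognised"

def audit(shadow_text):
    """Return [(user, scheme)] for each entry whose scheme is outside ACCEPTED."""
    findings = []
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        scheme = classify(fields[1]) if len(fields) > 1 else "malformed"
        if scheme not in ACCEPTED and scheme != "no-login":
            findings.append((fields[0], scheme))
    return findings

# Constructed sample; salts and hashes are placeholders, not real credentials.
SAMPLE_SHADOW = """\
root:ab0123456789.:16134:0:99999:7:::
admin:$1$saltsalt$CONSTRUCTED:16134:0:99999:7:::
service:$6$rounds=5000$saltsalt$CONSTRUCTED:16134:0:99999:7:::
daemon:*:16134:0:99999:7:::
backup:!$1$saltsalt$CONSTRUCTED:16134:0:99999:7:::
guest::16134:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE_SHADOW):
        print(f"{user}: {scheme}")
```

Existing entries keep their old scheme until the password is set again, so run the check after passwords have been regenerated, not only after rebuilding busybox.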