From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <ptxdist-bounces@pengutronix.de>
Received: from optimeas.de ([78.46.18.2])
	by metis.ext.pengutronix.de with esmtp (Exim 4.72)
	(envelope-from <matthias.klein@optimeas.de>) id 1WLHM9-0000qe-Qf
	for ptxdist@pengutronix.de; Wed, 05 Mar 2014 20:19:54 +0100
From: "Matthias Klein" <matthias.klein@optimeas.de>
Date: Wed, 05 Mar 2014 19:19:50 +0000
Message-Id: <em138b9dea-c66d-44b6-b971-9f950eafe6e4@nb-mak>
Mime-Version: 1.0
Subject: Re: [ptxdist] Busybox password hashing algorithm
Reply-To: ptxdist@pengutronix.de, Matthias Klein <matthias.klein@optimeas.de>
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
	<mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/pipermail/ptxdist>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
	<mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: ptxdist-bounces@pengutronix.de
Errors-To: ptxdist-bounces@pengutronix.de
To: "ptxdist@pengutronix.de" <ptxdist@pengutronix.de>

Hello Marc,

thanks a lot for the tip !

With that option I can login with a SHA hashed password (starts with 
$6$).
But if I change the password with passwd (from busybox) I get again a 
"weak" hashed password.

I looked for a similar config option for passwd, but can't find one.
Is there a way to create SHA hashs with passwd from busybox ?


Best regards,
Matthias


------ Originalnachricht ------
Von: "Marc Kleine-Budde" <mkl@pengutronix.de>
An: ptxdist@pengutronix.de; "Matthias Klein" 
<matthias.klein@optimeas.de>
Gesendet: 05.03.2014 19:55:14
Betreff: Re: [ptxdist] Busybox password hashing algorithm
>On 03/05/2014 07:47 PM, Matthias Klein wrote:
>>  Hello,
>>
>>  our ptxdist 2014.01.0 based product got an external security audit.
>>  They complained that our passwords in the shadow file are hashed with
>>  the outdated crypt(3) algorithm.
>>  Her advice is to use bcrypt, PBKDF2 or scrpy.
>>
>>  We are using busybox for passwd etc.
>>
>>  Is this a busybox limitation? Or can we change the hashing algorithm 
>>in
>>  busybox?
>>  Or do we need to replace busybox' passwd etc. with something better?
>
>Have a look at the BUSYBOX_USE_BB_CRYPT and BUSYBOX_USE_BB_CRYPT_SHA
>option.
>
>Marc
>
>--
>Pengutronix e.K. | Marc Kleine-Budde |
>Industrial Linux Solutions | Phone: +49-231-2826-924 |
>Vertretung West/Dortmund | Fax: +49-5121-206917-5555 |
>Amtsgericht Hildesheim, HRA 2686 | http://www.pengutronix.de |
>


-- 
ptxdist mailing list
ptxdist@pengutronix.de