mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed
* Re: [ptxdist] Busybox password hashing algorithm
@ 2014-03-05 19:19 Matthias Klein
  2014-03-05 20:21 ` Matthias Klein
  0 siblings, 1 reply; 4+ messages in thread
From: Matthias Klein @ 2014-03-05 19:19 UTC (permalink / raw)
  To: ptxdist

Hello Marc,

thanks a lot for the tip !

With that option I can login with a SHA hashed password (starts with 
$6$).
But if I change the password with passwd (from busybox) I get again a 
"weak" hashed password.

I looked for a similar config option for passwd, but can't find one.
Is there a way to create SHA hashs with passwd from busybox ?


Best regards,
Matthias


------ Originalnachricht ------
Von: "Marc Kleine-Budde" <mkl@pengutronix.de>
An: ptxdist@pengutronix.de; "Matthias Klein" 
<matthias.klein@optimeas.de>
Gesendet: 05.03.2014 19:55:14
Betreff: Re: [ptxdist] Busybox password hashing algorithm
>On 03/05/2014 07:47 PM, Matthias Klein wrote:
>>  Hello,
>>
>>  our ptxdist 2014.01.0 based product got an external security audit.
>>  They complained that our passwords in the shadow file are hashed with
>>  the outdated crypt(3) algorithm.
>>  Her advice is to use bcrypt, PBKDF2 or scrpy.
>>
>>  We are using busybox for passwd etc.
>>
>>  Is this a busybox limitation? Or can we change the hashing algorithm 
>>in
>>  busybox?
>>  Or do we need to replace busybox' passwd etc. with something better?
>
>Have a look at the BUSYBOX_USE_BB_CRYPT and BUSYBOX_USE_BB_CRYPT_SHA
>option.
>
>Marc
>
>--
>Pengutronix e.K. | Marc Kleine-Budde |
>Industrial Linux Solutions | Phone: +49-231-2826-924 |
>Vertretung West/Dortmund | Fax: +49-5121-206917-5555 |
>Amtsgericht Hildesheim, HRA 2686 | http://www.pengutronix.de |
>


-- 
ptxdist mailing list
ptxdist@pengutronix.de

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [ptxdist] Busybox password hashing algorithm
@ 2014-03-05 18:47 Matthias Klein
  2014-03-05 18:55 ` Marc Kleine-Budde
  0 siblings, 1 reply; 4+ messages in thread
From: Matthias Klein @ 2014-03-05 18:47 UTC (permalink / raw)
  To: ptxdist


[-- Attachment #1.1: Type: text/plain, Size: 457 bytes --]

Hello,

our ptxdist 2014.01.0 based product got an external security audit.
They complained that our passwords in the shadow file are hashed with 
the outdated crypt(3) algorithm.
Her advice is to use bcrypt, PBKDF2 or scrpy.

We are using busybox for passwd etc.

Is this a busybox limitation? Or can we change the hashing algorithm in 
busybox?
Or do we need to replace busybox' passwd etc. with something better?


Best regards,
Matthias

[-- Attachment #1.2: Type: text/html, Size: 1861 bytes --]

[-- Attachment #2: Type: text/plain, Size: 48 bytes --]

-- 
ptxdist mailing list
ptxdist@pengutronix.de

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2014-03-05 20:21 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-03-05 19:19 [ptxdist] Busybox password hashing algorithm Matthias Klein
2014-03-05 20:21 ` Matthias Klein
  -- strict thread matches above, loose matches on Subject: below --
2014-03-05 18:47 Matthias Klein
2014-03-05 18:55 ` Marc Kleine-Budde

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox