From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <ptxdist-bounces@pengutronix.de>
Received: from optimeas.de ([78.46.18.2])
	by metis.ext.pengutronix.de with esmtp (Exim 4.72)
	(envelope-from <matthias.klein@optimeas.de>) id 1WLGr2-0007pt-3X
	for ptxdist@pengutronix.de; Wed, 05 Mar 2014 19:47:44 +0100
From: "Matthias Klein" <matthias.klein@optimeas.de>
Date: Wed, 05 Mar 2014 18:47:41 +0000
Message-Id: <em441128f2-13c0-449b-b0ab-376fd5eede0f@nb-mak>
Mime-Version: 1.0
Subject: [ptxdist] Busybox password hashing algorithm
Reply-To: ptxdist@pengutronix.de, Matthias Klein <matthias.klein@optimeas.de>
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
	<mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/pipermail/ptxdist>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
	<mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1362892752=="
Sender: ptxdist-bounces@pengutronix.de
Errors-To: ptxdist-bounces@pengutronix.de
To: "ptxdist@pengutronix.de" <ptxdist@pengutronix.de>


--===============1362892752==
Content-Type: multipart/alternative;
 boundary="------=_MBADA3CDA2-3D99-479D-BCEA-8843A64FE19F"


--------=_MBADA3CDA2-3D99-479D-BCEA-8843A64FE19F
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; format=flowed; charset=utf-8

Hello,

our ptxdist 2014.01.0 based product got an external security audit.
They complained that our passwords in the shadow file are hashed with=20
the outdated crypt(3) algorithm.
Her advice is to use bcrypt, PBKDF2 or scrpy.

We are using busybox for passwd etc.

Is this a busybox limitation? Or can we change the hashing algorithm in=20
busybox?
Or do we need to replace busybox' passwd etc. with something better?


Best regards,
Matthias

--------=_MBADA3CDA2-3D99-479D-BCEA-8843A64FE19F
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=utf-8

<HTML><HEAD>
<STYLE id=3DeMClientCss>BLOCKQUOTE.cite {
	PADDING-LEFT: 10px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 1px solid; PADD=
ING-RIGHT: 0px; MARGIN-RIGHT: 0px
}
.plain PRE {
	FONT-SIZE: 100%; FONT-FAMILY: monospace; FONT-WEIGHT: normal; FONT-STYLE:=
 normal
}
.plain TT {
	FONT-SIZE: 100%; FONT-FAMILY: monospace; FONT-WEIGHT: normal; FONT-STYLE:=
 normal
}
BODY {
	FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
.plain PRE {
	FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
#60f7014ddf5d4d31ac3198e2508a0d1f {
	FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
.plain TT {
	FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
#b84b3646ffd14a62a7ff51b58039c7fd #60f7014ddf5d4d31ac3198e2508a0d1f {
	FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
</STYLE>

<STYLE title=3DsignatureStyle>.plain TT {
	FONT-SIZE: 100%; FONT-FAMILY: monospace; FONT-WEIGHT: normal; FONT-STYLE:=
 normal
}
.plain TT {
	FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
</STYLE>
</HEAD>
<BODY>
<DIV>Hello,</DIV>
<DIV>&nbsp;</DIV>
<DIV>our ptxdist 2014.01.0 based product got an external&nbsp;security audi=
t. </DIV>
<DIV>They complained that our passwords in the shadow file are hashed with=
 the outdated crypt(3) algorithm.</DIV>
<DIV><SPAN id=3Db84b3646ffd14a62a7ff51b58039c7fd>
<DIV><SPAN>Her advice is to use bcrypt, PBKDF2 or scrpy.</SPAN></DIV></SPAN=
></DIV>
<DIV>&nbsp;</DIV>
<DIV><SPAN id=3D60f7014ddf5d4d31ac3198e2508a0d1f>We are using busybox for=
 passwd etc.</SPAN></DIV>
<DIV><SPAN></SPAN>&nbsp;</DIV>
<DIV><SPAN>Is&nbsp;this a busybox limitation? Or can we change the hashing=
 algorithm in busybox?</SPAN></DIV>
<DIV><SPAN>Or do we need to replace busybox' passwd etc. with something =
better?</SPAN></DIV>
<DIV><SPAN></SPAN>&nbsp;</DIV>
<DIV><SPAN></SPAN><SPAN></SPAN>&nbsp;</DIV>
<DIV><SPAN>Best regards,</SPAN></DIV>
<DIV><SPAN>Matthias</SPAN></DIV>
<DIV><SPAN></SPAN>&nbsp;</DIV></BODY></HTML>
--------=_MBADA3CDA2-3D99-479D-BCEA-8843A64FE19F--



--===============1362892752==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ptxdist mailing list
ptxdist@pengutronix.de

--===============1362892752==--