From mboxrd@z Thu Jan 1 00:00:00 1970
Return-path: <ptxdist-bounces@pengutronix.de>
Received: from optimeas.de ([78.46.18.2]) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from <matthias.klein@optimeas.de>) id 1WLIJL-00047w-VY for ptxdist@pengutronix.de; Wed, 05 Mar 2014 21:21:04 +0100
Received: from [127.0.0.1] (p5DCF59B4.dip0.t-ipconnect.de [93.207.89.180]) by optimeas.de (Postfix) with ESMTPSA id A72C542026CF for <ptxdist@pengutronix.de>; Wed, 5 Mar 2014 21:20:58 +0100 (CET)
From: "Matthias Klein" <matthias.klein@optimeas.de>
Date: Wed, 05 Mar 2014 20:21:01 +0000
In-Reply-To: <em138b9dea-c66d-44b6-b971-9f950eafe6e4@nb-mak>
Message-Id: <eme7a53074-e075-4a7f-aff4-abd7d0bba770@nb-mak>
Mime-Version: 1.0
Subject: Re: [ptxdist] Busybox password hashing algorithm
Reply-To: ptxdist@pengutronix.de, Matthias Klein <matthias.klein@optimeas.de>
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/pipermail/ptxdist>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: ptxdist-bounces@pengutronix.de
Errors-To: ptxdist-bounces@pengutronix.de
To: ptxdist@pengutronix.de

Hello Marc,

I have found the solution: the default algorithm for passwd can be set with the config option CONFIG_FEATURE_DEFAULT_PASSWD_ALGO.

I will send a patch tomorrow.

Best regards,
Matthias

------ Original Message ------
From: "Matthias Klein" <matthias.klein@optimeas.de>
To: "ptxdist@pengutronix.de" <ptxdist@pengutronix.de>
Sent: 05.03.2014 20:19:50
Subject: Re: [ptxdist] Busybox password hashing algorithm

>Hello Marc,
>
>thanks a lot for the tip!
>
>With that option I can log in with a SHA hashed password (starts with $6$).
>But if I change the password with passwd (from busybox) I get again a
>"weak" hashed password.
>
>I looked for a similar config option for passwd, but can't find one.
>Is there a way to create SHA hashes with passwd from busybox?
>
>
>Best regards,
>Matthias
>
>
>------ Original Message ------
>From: "Marc Kleine-Budde" <mkl@pengutronix.de>
>To: ptxdist@pengutronix.de; "Matthias Klein" <matthias.klein@optimeas.de>
>Sent: 05.03.2014 19:55:14
>Subject: Re: [ptxdist] Busybox password hashing algorithm
>
>>On 03/05/2014 07:47 PM, Matthias Klein wrote:
>>> Hello,
>>>
>>> our ptxdist 2014.01.0 based product got an external security audit.
>>> They complained that our passwords in the shadow file are hashed with
>>> the outdated crypt(3) algorithm.
>>> Their advice is to use bcrypt, PBKDF2 or scrypt.
>>>
>>> We are using busybox for passwd etc.
>>>
>>> Is this a busybox limitation? Or can we change the hashing algorithm in
>>> busybox?
>>> Or do we need to replace busybox' passwd etc. with something better?
>>
>>Have a look at the BUSYBOX_USE_BB_CRYPT and BUSYBOX_USE_BB_CRYPT_SHA
>>option.
>>
>>Marc
>>
>>--
>>Pengutronix e.K.                  | Marc Kleine-Budde           |
>>Industrial Linux Solutions        | Phone: +49-231-2826-924     |
>>Vertretung West/Dortmund          | Fax:   +49-5121-206917-5555 |
>>Amtsgericht Hildesheim, HRA 2686  | http://www.pengutronix.de   |
>>
>
>
>--
>ptxdist mailing list
>ptxdist@pengutronix.de
>

--
ptxdist mailing list
ptxdist@pengutronix.de
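
Added example, not part of the original thread: a small Python check that classifies every entry of a shadow(5) file by its crypt(3) prefix, so a rootfs can be checked for the case described above, where login accepts `$6$` hashes but passwd still writes a weaker one. The scheme labels, the `WEAK` policy and the sample file (with placeholder hash bodies) are assumptions of this example.

```python
import re

# crypt(3) "$id$" prefixes. Traditional DES crypt has no prefix at all.
PREFIXES = {"1": "md5", "5": "sha256", "6": "sha512",
            "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt"}
WEAK = {"des", "md5", "empty"}  # policy assumed for this example
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")  # 2 salt chars + 11 hash chars


def classify(field):
    """Return the scheme label for one shadow password field."""
    if field == "":
        return "empty"              # account can log in without a password
    body = field.lstrip("!")        # a leading "!" marks a locked password
    if body == "" or body.startswith("*"):
        return "locked"             # no usable hash is stored
    m = re.match(r"\$([0-9a-z]+)\$", body)
    if m:
        return PREFIXES.get(m.group(1), "unknown")
    if DES_RE.fullmatch(body):
        return "des"
    return "unknown"


def audit(shadow_text):
    """Return a list of (user, scheme, is_weak) for a shadow(5) file."""
    results = []
    for line in shadow_text.splitlines():
        line = line.strip()
        parts = line.split(":")
        if not line or line.startswith("#") or len(parts) < 2:
            continue                # skip blanks, comments, malformed lines
        scheme = classify(parts[1])
        results.append((parts[0], scheme, scheme in WEAK))
    return results


# Constructed sample; the hash bodies are placeholders, not real hashes.
SAMPLE = """\
root:$6$saltsalt$PLACEHOLDERHASH:16134:0:99999:7:::
service:$1$saltsalt$PLACEHOLDERHASH:16134:0:99999:7:::
legacy:saPLACEHOLDER:16134:0:99999:7:::
daemon:*:16134:0:99999:7:::
operator:!$6$saltsalt$PLACEHOLDERHASH:16134:0:99999:7:::
guest::16134:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme, weak in audit(SAMPLE):
        print(f"{user:10} {scheme:8} {'WEAK' if weak else 'ok'}")
```

Run it against the generated image's `etc/shadow` after setting a password with passwd; any entry reported as `des` or `md5` was written with the old default.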