From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <ptxdist-bounces@pengutronix.de>
Received: from optimeas.de ([78.46.18.2])
	by metis.ext.pengutronix.de with esmtp (Exim 4.72)
	(envelope-from <matthias.klein@optimeas.de>) id 1WLIJL-00047w-VY
	for ptxdist@pengutronix.de; Wed, 05 Mar 2014 21:21:04 +0100
Received: from [127.0.0.1] (p5DCF59B4.dip0.t-ipconnect.de [93.207.89.180])
	by optimeas.de (Postfix) with ESMTPSA id A72C542026CF
	for <ptxdist@pengutronix.de>; Wed,  5 Mar 2014 21:20:58 +0100 (CET)
From: "Matthias Klein" <matthias.klein@optimeas.de>
Date: Wed, 05 Mar 2014 20:21:01 +0000
In-Reply-To: <em138b9dea-c66d-44b6-b971-9f950eafe6e4@nb-mak>
Message-Id: <eme7a53074-e075-4a7f-aff4-abd7d0bba770@nb-mak>
Mime-Version: 1.0
Subject: Re: [ptxdist] Busybox password hashing algorithm
Reply-To: ptxdist@pengutronix.de, Matthias Klein <matthias.klein@optimeas.de>
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
	<mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/pipermail/ptxdist>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
	<mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: ptxdist-bounces@pengutronix.de
Errors-To: ptxdist-bounces@pengutronix.de
To: ptxdist@pengutronix.de

Hello Marc,

I have found the solution: the default algorithm for passwd can be set 
with the config option CONFIG_FEATURE_DEFAULT_PASSWD_ALGO.

I will send a patch tomorrow.


Best regards,
Matthias

------ Originalnachricht ------
Von: "Matthias Klein" <matthias.klein@optimeas.de>
An: "ptxdist@pengutronix.de" <ptxdist@pengutronix.de>
Gesendet: 05.03.2014 20:19:50
Betreff: Re: [ptxdist] Busybox password hashing algorithm
>Hello Marc,
>
>thanks a lot for the tip !
>
>With that option I can login with a SHA hashed password (starts with 
>$6$).
>But if I change the password with passwd (from busybox) I get again a 
>"weak" hashed password.
>
>I looked for a similar config option for passwd, but can't find one.
>Is there a way to create SHA hashs with passwd from busybox ?
>
>
>Best regards,
>Matthias
>
>
>------ Originalnachricht ------
>Von: "Marc Kleine-Budde" <mkl@pengutronix.de>
>An: ptxdist@pengutronix.de; "Matthias Klein" 
><matthias.klein@optimeas.de>
>Gesendet: 05.03.2014 19:55:14
>Betreff: Re: [ptxdist] Busybox password hashing algorithm
>>On 03/05/2014 07:47 PM, Matthias Klein wrote:
>>>  Hello,
>>>
>>>  our ptxdist 2014.01.0 based product got an external security audit.
>>>  They complained that our passwords in the shadow file are hashed 
>>>with
>>>  the outdated crypt(3) algorithm.
>>>  Her advice is to use bcrypt, PBKDF2 or scrpy.
>>>
>>>  We are using busybox for passwd etc.
>>>
>>>  Is this a busybox limitation? Or can we change the hashing algorithm 
>>>in
>>>  busybox?
>>>  Or do we need to replace busybox' passwd etc. with something better?
>>
>>Have a look at the BUSYBOX_USE_BB_CRYPT and BUSYBOX_USE_BB_CRYPT_SHA
>>option.
>>
>>Marc
>>
>>--
>>Pengutronix e.K. | Marc Kleine-Budde |
>>Industrial Linux Solutions | Phone: +49-231-2826-924 |
>>Vertretung West/Dortmund | Fax: +49-5121-206917-5555 |
>>Amtsgericht Hildesheim, HRA 2686 | http://www.pengutronix.de |
>>
>
>
>-- ptxdist mailing list
>ptxdist@pengutronix.de
>


-- 
ptxdist mailing list
ptxdist@pengutronix.de