From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from optimeas.de ([78.46.18.2]) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from ) id 1WLIJL-00047w-VY for ptxdist@pengutronix.de; Wed, 05 Mar 2014 21:21:04 +0100 Received: from [127.0.0.1] (p5DCF59B4.dip0.t-ipconnect.de [93.207.89.180]) by optimeas.de (Postfix) with ESMTPSA id A72C542026CF for ; Wed, 5 Mar 2014 21:20:58 +0100 (CET) From: "Matthias Klein" Date: Wed, 05 Mar 2014 20:21:01 +0000 In-Reply-To: Message-Id: Mime-Version: 1.0 Subject: Re: [ptxdist] Busybox password hashing algorithm Reply-To: ptxdist@pengutronix.de, Matthias Klein List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Sender: ptxdist-bounces@pengutronix.de Errors-To: ptxdist-bounces@pengutronix.de To: ptxdist@pengutronix.de Hello Marc, I have found the solution: the default algorithm for passwd can be set with the config option CONFIG_FEATURE_DEFAULT_PASSWD_ALGO. I will send a patch tomorrow. Best regards, Matthias ------ Originalnachricht ------ Von: "Matthias Klein" An: "ptxdist@pengutronix.de" Gesendet: 05.03.2014 20:19:50 Betreff: Re: [ptxdist] Busybox password hashing algorithm >Hello Marc, > >thanks a lot for the tip ! > >With that option I can login with a SHA hashed password (starts with >$6$). >But if I change the password with passwd (from busybox) I get again a >"weak" hashed password. > >I looked for a similar config option for passwd, but can't find one. >Is there a way to create SHA hashs with passwd from busybox ? > > >Best regards, >Matthias > > >------ Originalnachricht ------ >Von: "Marc Kleine-Budde" >An: ptxdist@pengutronix.de; "Matthias Klein" > >Gesendet: 05.03.2014 19:55:14 >Betreff: Re: [ptxdist] Busybox password hashing algorithm >>On 03/05/2014 07:47 PM, Matthias Klein wrote: >>> Hello, >>> >>> our ptxdist 2014.01.0 based product got an external security audit. >>> They complained that our passwords in the shadow file are hashed >>>with >>> the outdated crypt(3) algorithm. >>> Her advice is to use bcrypt, PBKDF2 or scrpy. >>> >>> We are using busybox for passwd etc. >>> >>> Is this a busybox limitation? Or can we change the hashing algorithm >>>in >>> busybox? >>> Or do we need to replace busybox' passwd etc. with something better? >> >>Have a look at the BUSYBOX_USE_BB_CRYPT and BUSYBOX_USE_BB_CRYPT_SHA >>option. >> >>Marc >> >>-- >>Pengutronix e.K. | Marc Kleine-Budde | >>Industrial Linux Solutions | Phone: +49-231-2826-924 | >>Vertretung West/Dortmund | Fax: +49-5121-206917-5555 | >>Amtsgericht Hildesheim, HRA 2686 | http://www.pengutronix.de | >> > > >-- ptxdist mailing list >ptxdist@pengutronix.de > -- ptxdist mailing list ptxdist@pengutronix.de