[FS#3911] Consider changing /etc/shadow's default password hashing algorithm

OpenWrt Bugs openwrt-bugs at lists.openwrt.org
Sat Jul 3 07:58:56 PDT 2021


THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened.  Details are below. 

User who did this - Mihai-Drosi Caju (mcaju) 

Attached to Project - OpenWrt/LEDE Project
Summary - Consider changing /etc/shadow's default password hashing algorithm
Task Type - Bug Report
Category - Base system
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Low
Priority - Very Low
Reported Version - Trunk
Due in Version - Undecided
Due Date - Undecided
Details - Currently the default algorithm used for storing passwords in /etc/shadow is md5crypt.
For security reasons this should be changed to a more suitable algorithm.
The present passwd implementation in busybox supports sha256crypt as well as sha512crypt.

This would require a simple patch at https://github.com/openwrt/openwrt/blob/master/package/utils/busybox/Config-defaults.in#L1325-L1327

More information can be found at the following URL:
https://bugs.openwrt.org/index.php?do=details&task_id=3911

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.



More information about the openwrt-bugs mailing list