Are we still using md5 as the default password hash?

Paul Spooren mail at aparcar.org
Fri Jan 19 11:06:39 PST 2024


If there is no objection I’d go ahead and merge this?

https://github.com/openwrt/openwrt/pull/14426

* busybox: enable sha hash for /etc/shadow
* busybox: switch to sha256 for passwd

Best,
Paul


> On Jan 19, 2024, at 08:38, abnoeh <abnoeh at mail.com> wrote:
> 
> sorry, use_bcrypt isn't something in mainline busybox but a patched
> version so I think sha256 is the best option here
> 
> On 2024-01-19 at 4:28 PM, abnoeh wrote:
>> that option only applies if we use busybox internal crypt,
>> BUSYBOX_DEFAULT_USE_BB_CRYPT is set but we don't so it isn't needed
>> (it's using musl here)
>> 
>> you'd need to change this option (line 1367) on same file
>> 
>> config BUSYBOX_DEFAULT_FEATURE_DEFAULT_PASSWD_ALGO
>>         string
>>         default "md5"
>> 
>> to something better like sha256 or sha512: this will make all new
>> passwds use the new hash (shell or luci), but won't upgrade without the user
>> changing it first. but we'd better expose and set the USE_BCRYPT option of
>> busybox to be able to use bcrypt here (not sure router CPUs can handle it
>> as it's made to be slow though).
>> 
>> On 2024-01-18 at 8:21 PM, Paul Spooren wrote:
>>> Hi,
>>> 
>>>> however Busybox isn't configured to use those and still uses md5 as
>>>> default, while we bring other hash algos into flash anyway:
>>> Does the following do the trick?
>>> 
>>> diff --git a/package/utils/busybox/Config-defaults.in
>>> b/package/utils/busybox/Config-defaults.in
>>> index b3c3f9a0b2..5ae8dd5622 100644
>>> --- a/package/utils/busybox/Config-defaults.in
>>> +++ b/package/utils/busybox/Config-defaults.in
>>> @@ -1333,7 +1333,7 @@ config BUSYBOX_DEFAULT_USE_BB_CRYPT
>>>          default n
>>>   config BUSYBOX_DEFAULT_USE_BB_CRYPT_SHA
>>>          bool
>>> -       default n
>>> +       default y
>>>   config BUSYBOX_DEFAULT_ADD_SHELL
>>>          bool
>>>          default n
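Review bot: BUSYBOX_DEFAULT_USE_BB_CRYPT_SHA is set to "default y" while the context line directly above it still shows BUSYBOX_DEFAULT_USE_BB_CRYPT at "default n", so please confirm the SHA option has any effect when the internal crypt stays disabled. Nothing in this hunk changes which algorithm passwd picks: the thread cites BUSYBOX_DEFAULT_FEATURE_DEFAULT_PASSWD_ALGO with default "md5" in the same file, and that default would need to change as well for new passwords to stop using md5.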
>>> 
>>> If so I’d create a PR
>>> 
>>> Best,
>>> Paul
>>> _______________________________________________
>>> openwrt-devel mailing list
>>> openwrt-devel at lists.openwrt.org
>>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

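The thread notes that changing the default algorithm only affects passwords set afterwards, so existing md5 entries stay until the user changes them. The following added example (not part of the thread or the OpenWrt tree) classifies shadow entries by their crypt(3) prefix to find such accounts; the function names and sample entries are constructed, and the prefixes assumed are the standard ones ($1$ md5crypt, $5$ sha256crypt, $6$ sha512crypt, $2a$/$2b$/$2y$ bcrypt).

```shell
#!/bin/sh
# Added example: report which hash scheme each account in a shadow-format
# file uses, so accounts left on md5crypt after a default change can be found.

# shadow_hash_scheme FILE -> one "user scheme" line per entry
shadow_hash_scheme() {
    while IFS=: read -r user hash _rest; do
        [ -n "$user" ] || continue
        # A leading "!" marks a locked account; the hash behind it still counts.
        hash=${hash#"!"}
        case "$hash" in
            '$1$'*)          scheme=md5crypt ;;
            '$5$'*)          scheme=sha256crypt ;;
            '$6$'*)          scheme=sha512crypt ;;
            '$2'[aby]'$'*)   scheme=bcrypt ;;
            ''|'*'|'x')      scheme=none ;;    # empty or no usable password
            *)               scheme=other ;;   # e.g. legacy DES crypt
        esac
        printf '%s %s\n' "$user" "$scheme"
    done < "$1"
}

# md5_users FILE -> names of accounts whose stored hash is still md5crypt
md5_users() {
    shadow_hash_scheme "$1" | awk '$2 == "md5crypt" { print $1 }'
}

# Constructed sample entries; the hash bodies are placeholders, not real hashes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:$1$CONSTRUCTED$notarealmd5crypthash:19741:0:99999:7:::
admin:$5$CONSTRUCTED$notarealsha256crypthash:19741:0:99999:7:::
backup:!$1$CONSTRUCTED$lockedmd5crypthash:19741:0:99999:7:::
daemon:*:0:0:99999:7:::
ftp::0:0:99999:7:::
EOF

shadow_hash_scheme "$sample"
echo "still on md5crypt: $(md5_users "$sample" | tr '\n' ' ')"
rm -f "$sample"
```

On a device, run `md5_users /etc/shadow` as root; each listed account needs its password set again before it is stored with the new default.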


