[OpenWrt-Devel] r46816, remove unused crypt() algorithms -> switch to sha512?

Etienne Champetier champetier.etienne at gmail.com
Mon Sep 14 18:22:29 EDT 2015


Hi Felix,

Maybe we should keep sha512 and switch to it? md5 is not best security
practice these days.
I've checked, ubuntu 14.04 and fedora 22 both use sha512 in /etc/shadow

I wonder if AF_ALG can be of any interest here (integrate needed algo by
default into the kernel, then patch core software to use kernel
implementation)

To conclude maybe you should emit a clear error when we try a now
unsupported hash,
because crypt can be used by other app, so maybe you just broke another app
and someone will waste a good amount of time debugging it

Regards
Etienne
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20150915/1cb30b20/attachment.htm>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list