Hello Marc,
thanks a lot for the tip !
With that option I can login with a SHA hashed password (starts with
$6$).
But if I change the password with passwd (from busybox) I get again a
"weak" hashed password.
I looked for a similar config option for passwd, but can't find one.
Is there a way to create SHA hashs with passwd from busybox ?
Best regards,
Matthias
------ Originalnachricht ------
Von: "Marc Kleine-Budde" <[email protected]>
An: [email protected]; "Matthias Klein"
<[email protected]>
Gesendet: 05.03.2014 19:55:14
Betreff: Re: [ptxdist] Busybox password hashing algorithm
On 03/05/2014 07:47 PM, Matthias Klein wrote:
Hello,
our ptxdist 2014.01.0 based product got an external security audit.
They complained that our passwords in the shadow file are hashed with
the outdated crypt(3) algorithm.
Her advice is to use bcrypt, PBKDF2 or scrpy.
We are using busybox for passwd etc.
Is this a busybox limitation? Or can we change the hashing algorithm
in
busybox?
Or do we need to replace busybox' passwd etc. with something better?
Have a look at the BUSYBOX_USE_BB_CRYPT and BUSYBOX_USE_BB_CRYPT_SHA
option.
Marc
--
Pengutronix e.K. | Marc Kleine-Budde |
Industrial Linux Solutions | Phone: +49-231-2826-924 |
Vertretung West/Dortmund | Fax: +49-5121-206917-5555 |
Amtsgericht Hildesheim, HRA 2686 | http://www.pengutronix.de |
--
ptxdist mailing list
[email protected]
