2015-02-02 13:19 GMT+09:00 Rich Felker <[email protected]>: > On Mon, Feb 02, 2015 at 10:33:24AM +0900, 김혜진 wrote: > > Hello. I share a patch of su command. > > > > > > ---------- Forwarded message ---------- > > From: 김혜진 <[email protected]> > > Date: 2015-01-29 21:35 GMT+09:00 > > Subject: Re: su patch > > To: Rob Landley <[email protected]> > > > > > > Hi. Rob > > > > I Send you fixed patch. > > > > As I look at passwd and mkpasswd, default encryption method is "des". > > Because useradd calls passwd with no option of encryption method, it make > > "des" encrypted password. > > It was the fact. > > So, I changed the default encryption method to "md5". > > But, su cannot check if 0 index of password is $, because user can choose > > "des" at any time if they want. > > > > plz check my patch! > > > > And, If you have more time, plz review my questions regarding netcat. > > md5 is not better and probably worse than des. You should be using > bcrypt if the system supports it and otherwise sha256, sha512, or the > enhanced des support some systems have. These could be tried as > sequential fallbacks. > > Rich >
My goal was to fix bug of su. Changing des to md5 was optional. refered to busybox's behavior and it fills $1$ first if use give no encryption option. And anyone can help if he knows encryption well.
_______________________________________________ Toybox mailing list [email protected] http://lists.landley.net/listinfo.cgi/toybox-landley.net
