Are we still use md5 as default as password hash?
abnoeh
abnoeh at mail.com
Thu Jan 18 23:38:32 PST 2024
sorry, use_bcrypt isn't something in mainline busybox but a patched
vesrion so I think sha256 is best option here
2024-01-19 오후 4:28에 abnoeh 이(가) 쓴 글:
> that option only applies if we use busybox internal crypt,
> BUSYBOX_DEFAULT_USE_BB_CRYPT is set but we don't so it doesn't needed
> (it's using musl here)
>
> you'd need to change this option (line 1367) on same file
>
> config BUSYBOX_DEFAULT_FEATURE_DEFAULT_PASSWD_ALGO
> string
> default "md5"
>
> to something better like sha256 or sha512: this will make all new
> passwds to use new hash (shell or luci), but won't upgrade without user
> changing it first. but we'd better expose and set USE_BCRYPT of busybox
> option to be able to use bcrypt here (not sure routers cpu can handle it
> as it's made to be slow though.
>
> 2024-01-18 오후 8:21에 Paul Spooren 이(가) 쓴 글:
>> Hi,
>>
>>> however Busybox doesn't configed to use those and still use md5 as
>>> default, while we bring other hash algos into flash anyway:
>> Does the following do the trick?
>>
>> diff --git a/package/utils/busybox/Config-defaults.in
>> b/package/utils/busybox/Config-defaults.in
>> index b3c3f9a0b2..5ae8dd5622 100644
>> --- a/package/utils/busybox/Config-defaults.in
>> +++ b/package/utils/busybox/Config-defaults.in
>> @@ -1333,7 +1333,7 @@ config BUSYBOX_DEFAULT_USE_BB_CRYPT
>> default n
>> config BUSYBOX_DEFAULT_USE_BB_CRYPT_SHA
>> bool
>> - default n
>> + default y
>> config BUSYBOX_DEFAULT_ADD_SHELL
>> bool
>> default n
>>
>> If so I’d create a PR
>>
>> Best,
>> Paul
>> _______________________________________________
>> openwrt-devel mailing list
>> openwrt-devel at lists.openwrt.org
>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list