From: Yann E. MORIN <yann.morin.1998@free.fr>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 2/2] system cfg: remove passwd MD5 format
Date: Wed, 5 Dec 2018 22:55:42 +0100
Message-ID: <20181205215542.GB2561@scaer>
In-Reply-To: <1544027592-35204-2-git-send-email-matthew.weber@rockwellcollins.com>
Matt, All,
On 2018-12-05 10:33 -0600, Matt Weber spake thusly:
> As SHA256 is now default, removing weak MD5 option. C libraries now
> all support the SHA methods.
> glibc 2.7+
> uclibc (bdd8362a88 package/uclibc: defconfig: enable sha-256...)
> musl 1.1.14+
>
> One issue this would prevent is a host tool issue with a FIPS enabled
> system where weak ciphers/methods are disabled. The crypt(3) call
> checks /proc/sys/crypto/fips_enabled and would result in mkpasswd
> returning "crypt failed." Rather than create a host dependency check
> this patch removes the potential issue.
>
> Cc: Yann E. MORIN <yann.morin.1998@free.fr>
> Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Regards,
Yann E. MORIN.
> ---
> Config.in.legacy | 8 ++++++++
> system/Config.in | 10 ----------
> 2 files changed, 8 insertions(+), 10 deletions(-)
>
> diff --git a/Config.in.legacy b/Config.in.legacy
> index 02321c8..d70654c 100644
> --- a/Config.in.legacy
> +++ b/Config.in.legacy
> @@ -143,6 +143,14 @@ comment "----------------------------------------------------"
> endif
>
> ###############################################################################
> +
> +config BR2_TARGET_GENERIC_PASSWD_MD5
> + bool "target passwd md5 format support has been removed"
> + select BR2_LEGACY
> + help
> + The default has been moved to SHA256 and all C libraries
> + now support that method by default
> +
> comment "Legacy options removed in 2018.11"
>
> config BR2_TARGET_XLOADER
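Review bot: The new BR2_TARGET_GENERIC_PASSWD_MD5 legacy entry sits above `comment "Legacy options removed in 2018.11"` and, in the visible context, has no release comment of its own, so it is not grouped under the release that removes it; add the matching comment line before the entry. The help text also only says the default moved to SHA256: it should tell the user which remaining method to select (the system/Config.in hunk shows "sha-256" is still offered) and end with a period.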
> diff --git a/system/Config.in b/system/Config.in
> index 2123d33..9a87b1b 100644
> --- a/system/Config.in
> +++ b/system/Config.in
> @@ -68,16 +68,6 @@ choice
>
> Note: this is used at build-time, and *not* at runtime.
>
> -config BR2_TARGET_GENERIC_PASSWD_MD5
> - bool "md5"
> - help
> - Use MD5 to encode passwords.
> -
> - The default. Wildly available, and pretty good.
> - Although pretty strong, MD5 is now an old hash function, and
> - suffers from some weaknesses, which makes it susceptible to
> - brute-force attacks.
> -
> config BR2_TARGET_GENERIC_PASSWD_SHA256
> bool "sha-256"
> help
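Review bot: Only the choice entry is deleted here, and the diffstat shows these 10 deletions are the whole change to system/Config.in, so anything else in that file that still tests BR2_TARGET_GENERIC_PASSWD_MD5 (for example a default keyed on it) would now reference a symbol that only exists as a legacy stub; please confirm there is none, or drop it in this patch. The removed help text called MD5 "The default", so the help of whichever entry is the default now should say so; the commit message names SHA256, but no such wording change is visible in this hunk.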
> --
> 1.9.1
>
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
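
The commit message above drops MD5 because it is weak and because crypt(3) refuses it when /proc/sys/crypto/fips_enabled is set. As an added example (not part of this thread or of Buildroot), here is a small check that classifies the hashes in a generated shadow(5) file by crypt(3) prefix and reports MD5 or traditional DES entries. The function names and the sample file are assumptions made for illustration, and the sample hash strings are constructed placeholders, not real hashes.

```python
# Added example: audit a shadow(5) file for weak crypt(3) hash methods.
PREFIXES = {"$1$": "md5", "$5$": "sha-256", "$6$": "sha-512"}
WEAK = {"md5", "des"}

def host_fips_enabled(path="/proc/sys/crypto/fips_enabled"):
    """True if the host reports FIPS mode (the file named in the commit message)."""
    try:
        with open(path) as f:
            return f.read().strip() == "1"
    except OSError:
        return False               # file absent or unreadable: treat as not FIPS

def classify(field):
    """Return the crypt(3) method name for one shadow password field."""
    h = field.lstrip("!")          # a leading '!' only marks the entry as locked
    if h in ("", "*"):
        return "none"              # no hash stored, nothing to assess
    for prefix, name in PREFIXES.items():
        if h.startswith(prefix):
            return name
    if h.startswith("$"):
        return "other"             # some other modular-crypt scheme
    return "des"                   # no '$' prefix: traditional DES crypt

def audit_shadow(text):
    """Return [(user, method)] for every entry whose hash method is weak."""
    findings = []
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue               # blank, comment or malformed line
        method = classify(parts[1])
        if method in WEAK:
            findings.append((parts[0], method))
    return findings

# Constructed sample input; the hash bodies are placeholders.
SAMPLE = """\
root:$1$CONSTRUCTED$placeholderplaceholder:17870:0:99999:7:::
admin:$5$CONSTRUCTED$placeholder:17870::::::
daemon:*:17870::::::
svc:!$6$CONSTRUCTED$placeholder:17870::::::
legacy:abPLACEHOLDER:17870::::::
"""

if __name__ == "__main__":
    for user, method in audit_shadow(SAMPLE):
        print(f"{user}: weak hash method {method}")
    print("host FIPS mode:", host_fips_enabled())
```
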