Project

General

Profile

Actions

Bug #9096

closed

passwords (policy.conf) should default to sha512

Added by Rich Lowe over 4 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
system data
Start date:
2018-02-10
Due date:
% Done:

100%

Estimated time:
Difficulty:
Bite-size
Tags:
needs-triage
Gerrit CR:

Description

currently they're at sha256. There's no reason not to default to sha512.

Actions #1

Updated by Ryan England almost 3 years ago

  • Assignee set to Ryan England
Actions #2

Updated by Ryan England almost 3 years ago

The current configuration generates passwords using sha256.

ryan@openindiana:/code/illumos-gate$ sudo passwd test1
New Password: 
Re-enter new Password: 
passwd: password successfully changed for test1
ryan@openindiana:/code/illumos-gate$ sudo grep test1 /etc/shadow
test1:$5$pbWT57pX$QVmU7JcEtqgyd9rKaxG1RrQU/0Ob7fux03rxjE7VnJ1:18050::::::
Actions #3

Updated by Ryan England almost 3 years ago

The new configuration generates passwords using sha512.

ryan@openindiana:~$ sudo passwd test2
New Password: 
Re-enter new Password: 
passwd: password successfully changed for test2
ryan@openindiana:~$ sudo grep test2 /etc/shadow
test2:$6$aXCY1k5a$RBNqxxyXeoL6vgYPBq./bNAFTwfw6I9q.7f4v.DwIgjt8ouXRbie.SL7fSX.iLyZogqEoNr2MNbdMiPZHKXys0:18051::::::
Actions #4

Updated by Electric Monk over 2 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit a9370e9f996b7ce61bb1a9612a0625161a922320

commit  a9370e9f996b7ce61bb1a9612a0625161a922320
Author: Ryan C. England <rcengland@gmail.com>
Date:   2019-08-20T14:37:14.000Z

    9096 passwords (policy.conf) should default to sha512
    Reviewed by: Peter Tribble <peter.tribble@gmail.com>
    Reviewed by: Andy Fiddaman <omnios@citrus-it.co.uk>
    Reviewed by: Toomas Soome <tsoome@me.com>
    Approved by: Dan McDonald <danmcd@joyent.com>

Actions

Also available in: Atom PDF