| Message ID | 1544061989-7450-3-git-send-email-matthew.weber@rockwellcollins.com |
|---|---|
| State | Accepted |
| Commit | bf3626002fbdf9802372b0127195b4824faf1337 |
| Headers | show |
| Series | [v2,1/3] system cfg: update mkpasswd SHA option txt | expand |
>>>>> "Matt" == Matt Weber <matthew.weber@rockwellcollins.com> writes: > As SHA256 is now default, removing weak MD5 option. C libraries now > all support the SHA methods. > glibc 2.7+ > uclibc (bdd8362a88 package/uclibc: defconfig: enable sha-256...) > musl 1.1.14+ > One issue this would prevent, is a host tool issue with a FIPS enabled > system where weak ciphers/methods are disabled. It seems the crypt(3) > call is impacted by /proc/sys/crypto/fips_enabled (per crypt(3) man > page). It results in mkpasswd returning "(EPERM) crypt failed." > Rather then create a Buildroot host dependency check, this patch > removes the potential corner case from being selected. > Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> > Cc: "Yann E. MORIN" <yann.morin.1998@free.fr> > Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> I was hesitating about this, but as you can still provide a pre-hashed md5 password (if your host system supports it) I guess it is OK. Committed, thanks.
diff --git a/Config.in.legacy b/Config.in.legacy index 02321c8..d70654c 100644 --- a/Config.in.legacy +++ b/Config.in.legacy @@ -143,6 +143,14 @@ comment "----------------------------------------------------" endif ############################################################################### + +config BR2_TARGET_GENERIC_PASSWD_MD5 + bool "target passwd md5 format support has been removed" + select BR2_LEGACY + help + The default has been moved to SHA256 and all C libraries + now support that method by default + comment "Legacy options removed in 2018.11" config BR2_TARGET_XLOADER diff --git a/system/Config.in b/system/Config.in index 65c92a8..0f77b9b 100644 --- a/system/Config.in +++ b/system/Config.in @@ -68,16 +68,6 @@ choice Note: this is used at build-time, and *not* at runtime. -config BR2_TARGET_GENERIC_PASSWD_MD5 - bool "md5" - help - Use MD5 to encode passwords. - - The default. Wildly available, and pretty good. - Although pretty strong, MD5 is now an old hash function, and - suffers from some weaknesses, which makes it susceptible to - brute-force attacks. - config BR2_TARGET_GENERIC_PASSWD_SHA256 bool "sha-256" help
As SHA256 is now default, removing weak MD5 option. C libraries now all support the SHA methods. glibc 2.7+ uclibc (bdd8362a88 package/uclibc: defconfig: enable sha-256...) musl 1.1.14+ One issue this would prevent, is a host tool issue with a FIPS enabled system where weak ciphers/methods are disabled. It seems the crypt(3) call is impacted by /proc/sys/crypto/fips_enabled (per crypt(3) man page). It results in mkpasswd returning "(EPERM) crypt failed." Rather then create a Buildroot host dependency check, this patch removes the potential corner case from being selected. Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> --- Changes v1 -> v2 - Updated description wording --- Config.in.legacy | 8 ++++++++ system/Config.in | 10 ---------- 2 files changed, 8 insertions(+), 10 deletions(-)