public inbox for ipfire-scm@lists.ipfire.org
From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, core106, updated. 96473f525dcec4115b9bab0b305ff5b92194b134
Date: Sat, 15 Oct 2016 22:44:55 +0100
Message-ID: <20161015214456.620C21078E81@git01.ipfire.org>


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, core106 has been updated
       via  96473f525dcec4115b9bab0b305ff5b92194b134 (commit)
      from  6920fbe86df2cacefc1a91b9590d84a495734e65 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 96473f525dcec4115b9bab0b305ff5b92194b134
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sat Oct 15 22:38:01 2016 +0100

    Revert "setup: Store passwords in SHA format"
    
    This reverts commit eef9b2529c3cab522dac4f4bcfa1a0075376514e.
    
    It appears that htpasswd is not salting any passwords that are
    stored with the SHA (-s) algorithm. MD5 passwords however are
    salted.
    
    That leads us to the conclusion that the "MD5 algorithm" in htpasswd
    is more secure than the "SHA algorithm" although the hash function
    itself should be stronger.
    
    With a rainbow table, cracking "SHA" is easily done.
    
    A rainbow table for "MD5" + salt would be way too large to be
    efficiently stored.
    
    Hence this commit is reverted to old behaviour to avoid the clear
    failure of design in SHA.
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne.fitzenreiter(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/rootfiles/core/106/filelists/files | 1 -
 src/setup/passwords.c                     | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

Difference in files:
diff --git a/config/rootfiles/core/106/filelists/files b/config/rootfiles/core/106/filelists/files
index fd363f3..a67d30a 100644
--- a/config/rootfiles/core/106/filelists/files
+++ b/config/rootfiles/core/106/filelists/files
@@ -22,5 +22,4 @@ srv/web/ipfire/cgi-bin/logs.cgi/log.dat
 srv/web/ipfire/cgi-bin/pakfire.cgi
 srv/web/ipfire/cgi-bin/pppsetup.cgi
 srv/web/ipfire/cgi-bin/services.cgi
-usr/sbin/setup
 var/ipfire/backup/include
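Review bot: The removal of usr/sbin/setup from the core 106 filelist is not explained in the commit message, and it means this update stops shipping the setup binary. That is only right if nothing else in core106 changes src/setup, so please confirm that and add a line to the message saying why the entry is dropped.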
diff --git a/src/setup/passwords.c b/src/setup/passwords.c
index 50ee38e..e7b4b52 100644
--- a/src/setup/passwords.c
+++ b/src/setup/passwords.c
@@ -56,7 +56,7 @@ int handleadminpassword(void)
 		return 0;
 	
 	snprintf(commandstring, STRING_SIZE,
-		"/usr/sbin/htpasswd -c -s -b " CONFIG_ROOT "/auth/users admin '%s'", password);
+		"/usr/sbin/htpasswd -c -m -b " CONFIG_ROOT "/auth/users admin '%s'", password);
 	sprintf(message, _("Setting %s 'admin' user password..."), NAME);
 	if (runhiddencommandwithstatus(commandstring, _("Setting password"), message, NULL)) {
 		sprintf(message, _("Problem setting %s 'admin' user password."), NAME);
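Review bot: In the snprintf call, password is placed between single quotes in the htpasswd command string with no escaping, on both the old and the new line, so a password containing a ' character ends the quoting early (assuming runhiddencommandwithstatus passes the string to a shell, which is not visible in this hunk), and -b puts the password on the command line where other local processes can read it. Suggest escaping the value or running htpasswd without a shell, and feeding the password on stdin with -i if the shipped htpasswd supports it. The return value of snprintf is also unchecked, so an over-long password would silently truncate the command at STRING_SIZE. Separately, where the shipped htpasswd offers -B (bcrypt), that would be a stronger choice than -m.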


hooks/post-receive
--
IPFire 2.x development tree
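
Added example, not part of the original email or of IPFire's code: a small audit that classifies the entries of an htpasswd-style file and flags the unsalted `{SHA}` scheme the commit message describes, where equal passwords always produce equal entries. The sample file, the user names and the `$apr1$` value are constructed for illustration.

```python
import base64
import hashlib


def htpasswd_sha(password):
    """Entry written by `htpasswd -s`: "{SHA}" + base64(SHA-1(password)), no salt."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def classify(hash_field):
    """Return (scheme, salted) for the hash field of one htpasswd line."""
    if hash_field.startswith("{SHA}"):
        return "sha1", False
    if hash_field.startswith("$apr1$"):
        parts = hash_field.split("$")  # ['', 'apr1', salt, digest]
        return "apr1-md5", len(parts) == 4 and parts[2] != ""
    if hash_field.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt", True  # salt is embedded in the bcrypt string
    return "unknown", False


def audit(htpasswd_text):
    """List (user, finding) for unsalted entries and for entries sharing a hash."""
    findings, seen = [], {}
    for line in htpasswd_text.splitlines():
        if ":" not in line:
            continue
        user, hash_field = line.strip().split(":", 1)
        scheme, salted = classify(hash_field)
        if not salted:
            findings.append((user, scheme + ": unsalted or unrecognised"))
        if hash_field in seen:
            # Only possible when no per-entry salt is mixed in.
            findings.append((user, "same hash as " + seen[hash_field]))
        seen.setdefault(hash_field, user)
    return findings


# Constructed sample: two users with the same password under {SHA}, plus one
# $apr1$ entry whose salt and digest are placeholders, not a real hash.
SAMPLE = "\n".join([
    "alice:" + htpasswd_sha("example-password"),
    "bob:" + htpasswd_sha("example-password"),
    "admin:$apr1$c0nstruc$0000000000000000000000",
])

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(user, "-", finding)
```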
