* [git.ipfire.org] IPFire 2.x development tree branch, core106, updated. 96473f525dcec4115b9bab0b305ff5b92194b134
@ 2016-10-15 21:44 git
From: git @ 2016-10-15 21:44 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, core106 has been updated
via 96473f525dcec4115b9bab0b305ff5b92194b134 (commit)
from 6920fbe86df2cacefc1a91b9590d84a495734e65 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 96473f525dcec4115b9bab0b305ff5b92194b134
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Oct 15 22:38:01 2016 +0100
Revert "setup: Store passwords in SHA format"
This reverts commit eef9b2529c3cab522dac4f4bcfa1a0075376514e.
It appears that htpasswd is not salting any passwords that are
stored with the SHA (-s) algorithm. MD5 passwords however are
salted.
That leads us to the conclusion that the "MD5 algorithm" in htpasswd
is more secure than the "SHA algorithm" although the hash function
itself should be stronger.
With a rainbow table, cracking "SHA" is easily done.
A rainbow table for "MD5" + salt would be way too large to be
efficiently stored.
Hence this commit is reverted to old behaviour to avoid the clear
failure of design in SHA.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne.fitzenreiter(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/core/106/filelists/files | 1 -
src/setup/passwords.c | 2 +-
2 files changed, 1 insertion(+), 2 deletions(-)
Difference in files:
diff --git a/config/rootfiles/core/106/filelists/files b/config/rootfiles/core/106/filelists/files
index fd363f3..a67d30a 100644
--- a/config/rootfiles/core/106/filelists/files
+++ b/config/rootfiles/core/106/filelists/files
@@ -22,5 +22,4 @@ srv/web/ipfire/cgi-bin/logs.cgi/log.dat
srv/web/ipfire/cgi-bin/pakfire.cgi
srv/web/ipfire/cgi-bin/pppsetup.cgi
srv/web/ipfire/cgi-bin/services.cgi
-usr/sbin/setup
var/ipfire/backup/include
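Review bot: Dropping usr/sbin/setup from the core/106 file list (the removed line in this hunk) means this update will not install a setup binary at all, so the -m change in src/setup/passwords.c only reaches a system through a later update or a fresh image. If any core106 build carrying the -s variant was already handed out, for example to testers, the entry should stay so that the rebuilt binary replaces it. Otherwise the commit message should say that the -s binary never shipped.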
diff --git a/src/setup/passwords.c b/src/setup/passwords.c
index 50ee38e..e7b4b52 100644
--- a/src/setup/passwords.c
+++ b/src/setup/passwords.c
@@ -56,7 +56,7 @@ int handleadminpassword(void)
return 0;
snprintf(commandstring, STRING_SIZE,
- "/usr/sbin/htpasswd -c -s -b " CONFIG_ROOT "/auth/users admin '%s'", password);
+ "/usr/sbin/htpasswd -c -m -b " CONFIG_ROOT "/auth/users admin '%s'", password);
sprintf(message, _("Setting %s 'admin' user password..."), NAME);
if (runhiddencommandwithstatus(commandstring, _("Setting password"), message, NULL)) {
sprintf(message, _("Problem setting %s 'admin' user password."), NAME);
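Review bot: The changed snprintf line still builds a shell command with the password inside single quotes and passes it with -b, so the password is visible in the process arguments while htpasswd runs and a password containing a single quote breaks the quoting. Since this line is being touched anyway, consider feeding the password to htpasswd on stdin (the -i option, if the shipped htpasswd version has it) or running it without a shell, and check the snprintf return value against STRING_SIZE so a truncated command is never executed. Note also that -c -m only affects the next password set: a CONFIG_ROOT/auth/users file written while the reverted commit was in place keeps its unsalted {SHA} entry until the admin password is set again.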
hooks/post-receive
--
IPFire 2.x development tree
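
The commit message's point about unsalted `{SHA}` entries can be checked against an existing users file. The following is an added example, not part of the IPFire commit or of the original email; the user names and sample entries are constructed, and the `$apr1$` entry is a format placeholder rather than a real hash.

```python
import base64
import hashlib

def htpasswd_sha(password):
    """Entry format written by `htpasswd -s`: '{SHA}' + base64(SHA-1(password)), no salt."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")

def classify(hash_field):
    """Return (scheme, salted) for the hash field of an htpasswd entry.
    salted is None when the scheme is not recognised."""
    if hash_field.startswith("{SHA}"):
        return "SHA-1 (htpasswd -s)", False
    if hash_field.startswith("$apr1$"):
        return "APR1 MD5 (htpasswd -m)", True
    if hash_field.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt (htpasswd -B)", True
    return "unknown", None

def audit(htpasswd_text):
    """Return (users with unsalted hashes, groups of users sharing one hash)."""
    unsalted, by_hash = [], {}
    for line in htpasswd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, hash_field = line.split(":", 1)
        _scheme, salted = classify(hash_field)
        if salted is False:
            unsalted.append(user)
            by_hash.setdefault(hash_field, []).append(user)
    # Without a salt, equal passwords give equal entries, which is visible here.
    shared = [users for users in by_hash.values() if len(users) > 1]
    return unsalted, shared

# Constructed sample file: two hypothetical users with the same password
# stored via -s, and one placeholder entry in the -m ($apr1$) format.
SAMPLE = "\n".join([
    "admin:" + htpasswd_sha("example-password"),
    "operator:" + htpasswd_sha("example-password"),
    "backup:$apr1$Xy7Qk2bN$0123456789abcdefghijkl",  # placeholder, not a real hash
])

if __name__ == "__main__":
    unsalted, shared = audit(SAMPLE)
    print("unsalted entries:", unsalted)
    print("users sharing a hash:", shared)
```

Any user reported as unsalted needs a password reset after the move back to `-m`, because the stored entry is not rewritten until the password is set again.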