[Buildroot] [PATCH v2 3/3] system cfg: remove mkpasswd MD5 format option
Matt Weber
matthew.weber at rockwellcollins.com
Thu Dec 6 02:06:29 UTC 2018
As SHA256 is now default, removing weak MD5 option. C libraries now
all support the SHA methods.
glibc 2.7+
uclibc (bdd8362a88 package/uclibc: defconfig: enable sha-256...)
musl 1.1.14+
One issue this would prevent, is a host tool issue with a FIPS enabled
system where weak ciphers/methods are disabled. It seems the crypt(3)
call is impacted by /proc/sys/crypto/fips_enabled (per crypt(3) man
page). It results in mkpasswd returning "(EPERM) crypt failed."
Rather then create a Buildroot host dependency check, this patch
removes the potential corner case from being selected.
Acked-by: "Yann E. MORIN" <yann.morin.1998 at free.fr>
Cc: "Yann E. MORIN" <yann.morin.1998 at free.fr>
Signed-off-by: Matthew Weber <matthew.weber at rockwellcollins.com>
---
Changes
v1 -> v2
- Updated description wording
---
Config.in.legacy | 8 ++++++++
system/Config.in | 10 ----------
2 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/Config.in.legacy b/Config.in.legacy
index 02321c8..d70654c 100644
--- a/Config.in.legacy
+++ b/Config.in.legacy
@@ -143,6 +143,14 @@ comment "----------------------------------------------------"
endif
###############################################################################
+
+config BR2_TARGET_GENERIC_PASSWD_MD5
+ bool "target passwd md5 format support has been removed"
+ select BR2_LEGACY
+ help
+ The default has been moved to SHA256 and all C libraries
+ now support that method by default
+
comment "Legacy options removed in 2018.11"
config BR2_TARGET_XLOADER
diff --git a/system/Config.in b/system/Config.in
index 65c92a8..0f77b9b 100644
--- a/system/Config.in
+++ b/system/Config.in
@@ -68,16 +68,6 @@ choice
Note: this is used at build-time, and *not* at runtime.
-config BR2_TARGET_GENERIC_PASSWD_MD5
- bool "md5"
- help
- Use MD5 to encode passwords.
-
- The default. Wildly available, and pretty good.
- Although pretty strong, MD5 is now an old hash function, and
- suffers from some weaknesses, which makes it susceptible to
- brute-force attacks.
-
config BR2_TARGET_GENERIC_PASSWD_SHA256
bool "sha-256"
help
--
1.9.1
More information about the buildroot
mailing list