If there is no objection I’d go ahead and merge this? https://github.com/openwrt/openwrt/pull/14426
* busybox: enable sha hash for /etc/shadow * busybox: switch to sha256 for passwd Best, Paul > On Jan 19, 2024, at 08:38, abnoeh <abn...@mail.com> wrote: > > sorry, use_bcrypt isn't something in mainline busybox but a patched > vesrion so I think sha256 is best option here > > 2024-01-19 오후 4:28에 abnoeh 이(가) 쓴 글: >> that option only applies if we use busybox internal crypt, >> BUSYBOX_DEFAULT_USE_BB_CRYPT is set but we don't so it doesn't needed >> (it's using musl here) >> >> you'd need to change this option (line 1367) on same file >> >> config BUSYBOX_DEFAULT_FEATURE_DEFAULT_PASSWD_ALGO >> string >> default "md5" >> >> to something better like sha256 or sha512: this will make all new >> passwds to use new hash (shell or luci), but won't upgrade without user >> changing it first. but we'd better expose and set USE_BCRYPT of busybox >> option to be able to use bcrypt here (not sure routers cpu can handle it >> as it's made to be slow though. >> >> 2024-01-18 오후 8:21에 Paul Spooren 이(가) 쓴 글: >>> Hi, >>> >>>> however Busybox doesn't configed to use those and still use md5 as >>>> default, while we bring other hash algos into flash anyway: >>> Does the following do the trick? >>> >>> diff --git a/package/utils/busybox/Config-defaults.in >>> b/package/utils/busybox/Config-defaults.in >>> index b3c3f9a0b2..5ae8dd5622 100644 >>> --- a/package/utils/busybox/Config-defaults.in >>> +++ b/package/utils/busybox/Config-defaults.in >>> @@ -1333,7 +1333,7 @@ config BUSYBOX_DEFAULT_USE_BB_CRYPT >>> default n >>> config BUSYBOX_DEFAULT_USE_BB_CRYPT_SHA >>> bool >>> - default n >>> + default y >>> config BUSYBOX_DEFAULT_ADD_SHELL >>> bool >>> default n >>> >>> If so I’d create a PR >>> >>> Best, >>> Paul >>> _______________________________________________ >>> openwrt-devel mailing list >>> openwrt-devel@lists.openwrt.org >>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel >> >> _______________________________________________ >> openwrt-devel mailing list >> openwrt-devel@lists.openwrt.org >> https://lists.openwrt.org/mailman/listinfo/openwrt-devel > > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
