* [Buildroot] [PATCH v2 1/3] system cfg: update mkpasswd SHA option txt
@ 2018-12-06  2:06 Matt Weber
  2018-12-06  2:06 ` [Buildroot] [PATCH v2 2/3] system cfg: set mkpasswd default to SHA256 Matt Weber
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Matt Weber @ 2018-12-06  2:06 UTC (permalink / raw)
  To: buildroot

This patch drops the comment about checking the C libraries version as
they now all support it by default
    glibc 2.7+
    uclibc (bdd8362a88 package/uclibc: defconfig: enable sha-256...)
    musl 1.1.14+

Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
Changes
v1 -> v2
[Yann]
 - Suggest this patch content is split out from the change of default
   method to SHA256
 - then -> than in help text
---
 system/Config.in | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/system/Config.in b/system/Config.in
index 9e34f11..e33568f 100644
--- a/system/Config.in
+++ b/system/Config.in
@@ -81,20 +81,12 @@ config BR2_TARGET_GENERIC_PASSWD_MD5
 config BR2_TARGET_GENERIC_PASSWD_SHA256
 	bool "sha-256"
 	help
-	  Use SHA256 to encode passwords.
-
-	  Very strong, but not ubiquitous, although available in glibc
-	  for some time now. Choose only if you are sure your C library
-	  understands SHA256 passwords.
+	  Use SHA256 to encode passwords which is stronger than MD5.
 
 config BR2_TARGET_GENERIC_PASSWD_SHA512
 	bool "sha-512"
 	help
-	  Use SHA512 to encode passwords.
-
-	  Extremely strong, but not ubiquitous, although available in
-	  glibc for some time now. Choose only if you are sure your C
-	  library understands SHA512 passwords.
+	  Use SHA512 to encode passwords which is stronger than SHA256
 
 endchoice # Passwd encoding
 
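Review bot: The new SHA512 help line ("Use SHA512 to encode passwords which is stronger than SHA256") ends without a period, unlike the SHA256 line above it; add one. In both new lines "which is stronger" attaches to "passwords" rather than to the hash, so two sentences read better, e.g. "Use SHA256 to encode passwords. Stronger than MD5." Since 3/3 in this series removes the MD5 choice, the SHA256 help will end up comparing against an option the user can no longer see, so wording that stands on its own would age better.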
-- 
1.9.1


* [Buildroot] [PATCH v2 2/3] system cfg: set mkpasswd default to SHA256
  2018-12-06  2:06 [Buildroot] [PATCH v2 1/3] system cfg: update mkpasswd SHA option txt Matt Weber
@ 2018-12-06  2:06 ` Matt Weber
  2018-12-15 10:27   ` Peter Korsgaard
  2018-12-06  2:06 ` [Buildroot] [PATCH v2 3/3] system cfg: remove mkpasswd MD5 format option Matt Weber
  2018-12-15 10:26 ` [Buildroot] [PATCH v2 1/3] system cfg: update mkpasswd SHA option txt Peter Korsgaard
  2 siblings, 1 reply; 6+ messages in thread
From: Matt Weber @ 2018-12-06  2:06 UTC (permalink / raw)
  To: buildroot

This patch changes the default mkpasswd method to SHA256 from MD5.
The change both improves the quality of the hash used and prepares
for eventually removing MD5 as an option.

Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
Changes
v2 - New patch
---
 system/Config.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/system/Config.in b/system/Config.in
index e33568f..65c92a8 100644
--- a/system/Config.in
+++ b/system/Config.in
@@ -61,7 +61,7 @@ endif
 
 choice
 	bool "Passwords encoding"
-	default BR2_TARGET_GENERIC_PASSWD_MD5
+	default BR2_TARGET_GENERIC_PASSWD_SHA256
 	help
 	  Choose the password encoding scheme to use when Buildroot
 	  needs to encode a password (eg. the root password, below).
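Review bot: With the default switched to BR2_TARGET_GENERIC_PASSWD_SHA256 on the "default" line, the MD5 entry's help still opens with "The default." (the text 3/3 later deletes), so the tree contradicts itself at this commit. Drop that sentence here so each step of the series is accurate when checked out alone. The commit message should also say whether a configuration that already has MD5 selected keeps it or picks up the new default.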
-- 
1.9.1


* [Buildroot] [PATCH v2 3/3] system cfg: remove mkpasswd MD5 format option
  2018-12-06  2:06 [Buildroot] [PATCH v2 1/3] system cfg: update mkpasswd SHA option txt Matt Weber
  2018-12-06  2:06 ` [Buildroot] [PATCH v2 2/3] system cfg: set mkpasswd default to SHA256 Matt Weber
@ 2018-12-06  2:06 ` Matt Weber
  2018-12-15 10:33   ` Peter Korsgaard
  2018-12-15 10:26 ` [Buildroot] [PATCH v2 1/3] system cfg: update mkpasswd SHA option txt Peter Korsgaard
  2 siblings, 1 reply; 6+ messages in thread
From: Matt Weber @ 2018-12-06  2:06 UTC (permalink / raw)
  To: buildroot

As SHA256 is now default, removing weak MD5 option.  C libraries now
all support the SHA methods.
    glibc 2.7+
    uclibc (bdd8362a88 package/uclibc: defconfig: enable sha-256...)
    musl 1.1.14+

One issue this would prevent is a host tool issue with a FIPS enabled
system where weak ciphers/methods are disabled. It seems the crypt(3)
call is impacted by /proc/sys/crypto/fips_enabled (per crypt(3) man
page). It results in mkpasswd returning "(EPERM) crypt failed."
Rather than create a Buildroot host dependency check, this patch
removes the potential corner case from being selected.

Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
Changes
v1 -> v2
 - Updated description wording
---
 Config.in.legacy |  8 ++++++++
 system/Config.in | 10 ----------
 2 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/Config.in.legacy b/Config.in.legacy
index 02321c8..d70654c 100644
--- a/Config.in.legacy
+++ b/Config.in.legacy
@@ -143,6 +143,14 @@ comment "----------------------------------------------------"
 endif
 
 ###############################################################################
+
+config BR2_TARGET_GENERIC_PASSWD_MD5
+	bool "target passwd md5 format support has been removed"
+	select BR2_LEGACY
+	help
+	  The default has been moved to SHA256 and all C libraries
+	  now support that method by default
+
 comment "Legacy options removed in 2018.11"
 
 config BR2_TARGET_XLOADER
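Review bot: The new BR2_TARGET_GENERIC_PASSWD_MD5 legacy entry is inserted directly under the separator and above comment "Legacy options removed in 2018.11", so it is not grouped under any release heading; give it a comment line naming the release it is removed in. Its help text only explains why the option went away and has no final period; it should tell the user what to do next, namely pick sha-256 or sha-512 in the "Passwords encoding" choice.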
diff --git a/system/Config.in b/system/Config.in
index 65c92a8..0f77b9b 100644
--- a/system/Config.in
+++ b/system/Config.in
@@ -68,16 +68,6 @@ choice
 
 	  Note: this is used at build-time, and *not* at runtime.
 
-config BR2_TARGET_GENERIC_PASSWD_MD5
-	bool "md5"
-	help
-	  Use MD5 to encode passwords.
-
-	  The default. Wildly available, and pretty good.
-	  Although pretty strong, MD5 is now an old hash function, and
-	  suffers from some weaknesses, which makes it susceptible to
-	  brute-force attacks.
-
 config BR2_TARGET_GENERIC_PASSWD_SHA256
 	bool "sha-256"
 	help
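Review bot: Only the ten-line option block is deleted from system/Config.in (the diffstat shows 10 deletions there and no file outside the two Kconfig files), so any remaining test of BR2_TARGET_GENERIC_PASSWD_MD5, for example a default that maps the choice to a mkpasswd method string, would be left behind as dead code. Grep the tree for the symbol and drop those references in this patch. The choice help could also gain a line on which encodings are still offered, since the surviving context only says "this is used at build-time, and *not* at runtime."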
-- 
1.9.1


* [Buildroot] [PATCH v2 1/3] system cfg: update mkpasswd SHA option txt
  2018-12-06  2:06 [Buildroot] [PATCH v2 1/3] system cfg: update mkpasswd SHA option txt Matt Weber
  2018-12-06  2:06 ` [Buildroot] [PATCH v2 2/3] system cfg: set mkpasswd default to SHA256 Matt Weber
  2018-12-06  2:06 ` [Buildroot] [PATCH v2 3/3] system cfg: remove mkpasswd MD5 format option Matt Weber
@ 2018-12-15 10:26 ` Peter Korsgaard
  2 siblings, 0 replies; 6+ messages in thread
From: Peter Korsgaard @ 2018-12-15 10:26 UTC (permalink / raw)
  To: buildroot

>>>>> "Matt" == Matt Weber <matthew.weber@rockwellcollins.com> writes:

 > This patch drops the comment about checking the C libraries version as
 > they now all support it by default
 >     glibc 2.7+
 >     uclibc (bdd8362a88 package/uclibc: defconfig: enable sha-256...)
 >     musl 1.1.14+

 > Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
 > Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
 > Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
 > ---
 > Changes
 > v1 -> v2
 > [Yann]
 >  - Suggest this patch content is split out from the change of default
 >    method to SHA256
 >  - then -> than in help text

Committed, thanks.

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH v2 2/3] system cfg: set mkpasswd default to SHA256
  2018-12-06  2:06 ` [Buildroot] [PATCH v2 2/3] system cfg: set mkpasswd default to SHA256 Matt Weber
@ 2018-12-15 10:27   ` Peter Korsgaard
  0 siblings, 0 replies; 6+ messages in thread
From: Peter Korsgaard @ 2018-12-15 10:27 UTC (permalink / raw)
  To: buildroot

>>>>> "Matt" == Matt Weber <matthew.weber@rockwellcollins.com> writes:

 > This patch changes the default mkpasswd method to SHA256 from MD5.
 > The change both improves the quality of the hash used and prepares
 > for eventually removing MD5 as an option.

 > Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
 > Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
 > ---
 > Changes
 > v2 - New patch

Changing defaults is always tricky, but considering that the next
release will become LTS I think it will be OK.

Committed, thanks.

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH v2 3/3] system cfg: remove mkpasswd MD5 format option
  2018-12-06  2:06 ` [Buildroot] [PATCH v2 3/3] system cfg: remove mkpasswd MD5 format option Matt Weber
@ 2018-12-15 10:33   ` Peter Korsgaard
  0 siblings, 0 replies; 6+ messages in thread
From: Peter Korsgaard @ 2018-12-15 10:33 UTC (permalink / raw)
  To: buildroot

>>>>> "Matt" == Matt Weber <matthew.weber@rockwellcollins.com> writes:

 > As SHA256 is now default, removing weak MD5 option.  C libraries now
 > all support the SHA methods.
 >     glibc 2.7+
 >     uclibc (bdd8362a88 package/uclibc: defconfig: enable sha-256...)
 >     musl 1.1.14+

 > One issue this would prevent is a host tool issue with a FIPS enabled
 > system where weak ciphers/methods are disabled. It seems the crypt(3)
 > call is impacted by /proc/sys/crypto/fips_enabled (per crypt(3) man
 > page). It results in mkpasswd returning "(EPERM) crypt failed."
 > Rather than create a Buildroot host dependency check, this patch
 > removes the potential corner case from being selected.

 > Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
 > Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
 > Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>

I was hesitating about this, but as you can still provide a pre-hashed
md5 password (if your host system supports it) I guess it is OK.

Committed, thanks.

-- 
Bye, Peter Korsgaard
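
Because a pre-hashed MD5 password can still be supplied after this series, MD5 hashes can still end up in a target image. The following is an added example, not part of the thread or of Buildroot: it classifies the password field of shadow(5)-format lines by crypt(3) scheme id and reports weak or empty entries. The sample lines and their hash strings are constructed placeholders, and running it against a built image's etc/shadow is an assumption about how it would be used.

```python
# Added example: audit shadow(5)-format lines for weak crypt(3) schemes.
# crypt(3) scheme ids: $1$ = MD5, $5$ = SHA-256, $6$ = SHA-512.
CRYPT_IDS = {"1": "md5", "5": "sha-256", "6": "sha-512"}
WEAK = {"md5", "des", "empty"}

def classify(field):
    """Return the scheme name for one shadow password field."""
    if field == "":
        return "empty"                # no password required at all
    body = field.lstrip("!")          # leading '!' marks a locked account
    if body in ("", "*"):
        return "locked"               # no usable hash present
    if body.startswith("$"):
        parts = body.split("$")       # "$5$salt$hash" -> ["", "5", "salt", "hash"]
        if len(parts) >= 4 and parts[2] and parts[-1]:
            return CRYPT_IDS.get(parts[1], "unknown:" + parts[1])
        return "malformed"
    # No "$id$" prefix: traditional DES crypt is exactly 13 characters.
    return "des" if len(body) == 13 else "unknown"

def audit(shadow_text):
    """Return (user, scheme) pairs for entries using a weak scheme."""
    findings = []
    for line in shadow_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        scheme = classify(fields[1])
        if scheme in WEAK:
            findings.append((fields[0], scheme))
    return findings

# Constructed sample; the hash strings are placeholders, not real hashes.
SAMPLE = """\
root:$1$saltsalt$AAAAAAAAAAAAAAAAAAAAAA:17871:0:99999:7:::
admin:$5$rounds=5000$saltsalt$BBBBBBBBBBBBBBBBBBBBBBBB:17871:0:99999:7:::
svc:$6$saltsalt$CCCCCCCCCCCCCCCCCCCCCCCC:17871:0:99999:7:::
daemon:*:17871:0:99999:7:::
guest::17871:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE):
        print(f"{user}: {scheme}")
```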
