Feature request: configurable policy for hash functions and cost parameters #4

Open
zackw opened this issue May 19, 2018 · 1 comment
Labels
enhancement Requests a new feature or improvement. Without "need more information", we agree it's desirable.

Collaborator

zackw commented May 19, 2018

On Linux, glibc's libcrypt forbids the use of MD5 and DES password hashes if /proc/sys/crypto/fips_enabled exists and contains a positive integer. As I understand it, this was a kludge for a specific security certification that is no longer considered valuable, but it suggests a more general and useful feature: a configuration file (perhaps /etc/security/pwhash.conf) allowing the system administrator to forbid the use of some hash functions, and also to configure the options for hashes that have them.

A possible file format:

```
# As usual, comments begin with `#` and extend to the end of the line.
# Blank lines are ignored.
# New passwords are to be hashed in bcrypt-2b format with the default cost parameter
bcrypt-2b: yes

# SHA-2-512 is also acceptable.  Use 4096 rounds.
sha512: yes rounds=4096

# SHA-256 and older variants of bcrypt are acceptable but should be updated to a
# modern hash the next time the user logs in.
bcrypt-2a: old
bcrypt-2x: old
bcrypt-2y: old
sha256: old

# MD5 and DES hashes are no longer acceptable even for old accounts.
md5: no
des: no
bsdi: no
bigcrypt: no
```

crypt and crypt_gensalt would both fail with EPERM when offered a setting for a "no" hash; crypt_gensalt but not crypt would fail with EPERM when offered a setting for an "old" hash. (Actually auto-updating the password database is not our job, but perhaps we could coordinate with the PAM people to make it happen.)

besser82 added the enhancement label May 19, 2018
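An added sketch of the policy proposed in the opening comment, not code from the issue or from the project: it parses the suggested file format and returns `EPERM` for the `crypt` and `crypt_gensalt` cases the comment describes. The function names, the `PREFIXES` table mapping setting-string prefixes to the proposal's hash names, and refusing hashes the file does not list are assumptions.

```python
import errno

# Constructed sample in the file format proposed above (not a shipped file).
SAMPLE = """\
bcrypt-2b: yes
sha512: yes rounds=4096   # trailing comment
bcrypt-2a: old
sha256: old
md5: no
des: no
"""

# Assumption: setting-string prefixes mapped onto the names used in the proposal.
PREFIXES = {"$2b$": "bcrypt-2b", "$2a$": "bcrypt-2a", "$6$": "sha512",
            "$5$": "sha256", "$1$": "md5", "_": "bsdi"}

def parse_policy(text):
    """Return {hash_name: (status, {option: value})}; raise on malformed lines."""
    policy = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comment, then whitespace
        if not line:
            continue
        name, sep, rest = line.partition(":")
        fields = rest.split()
        if not sep or not fields or fields[0] not in ("yes", "old", "no"):
            raise ValueError(f"line {lineno}: want 'name: yes|old|no [opt=val]'")
        if any("=" not in f for f in fields[1:]):
            raise ValueError(f"line {lineno}: options must be opt=val")
        policy[name.strip()] = (fields[0], dict(f.split("=", 1) for f in fields[1:]))
    return policy

def check(policy, setting, new_hash):
    """0 or errno.EPERM; new_hash=False models crypt(), True models crypt_gensalt()."""
    if setting.startswith(("$", "_")):
        name = next((n for p, n in PREFIXES.items() if setting.startswith(p)), None)
    else:
        name = "des"                             # traditional two-character salt
    # Assumption: a hash the file does not list is refused (fail closed).
    status = policy.get(name, ("no", {}))[0]
    if status == "no" or (status == "old" and new_hash):
        return errno.EPERM
    return 0

if __name__ == "__main__":
    pol = parse_policy(SAMPLE)
    for s in ("$2b$", "$5$", "$1$"):
        print(s, check(pol, s, new_hash=False), check(pol, s, new_hash=True))
```

With the sample policy, an "old" hash such as `$5$` still verifies but cannot be used for a new password, while a "no" hash is refused in both directions.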
Collaborator

solardiz commented Aug 30, 2018

Not commenting on the feature nor on file format, but this reminded me: I suggest that we adopt the naming of these hashes that's currently used in password hash cracking. This means: descrypt, bsdicrypt, md5crypt, sha256crypt, sha512crypt. This would help avoid the usual confusion between DES (block cipher) and descrypt, and between MD5 (fast, non-salted non-password ex-cryptographic hash) and md5crypt, etc. We should adopt this naming not only in identifiers, but also in comments, documentation, etc. Do not write things like "MD5 and DES hashes", etc.
