Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

make sha rounds configurable and increase no of rounds #452

Merged
merged 4 commits into from Jun 30, 2021
Merged

make sha rounds configurable and increase no of rounds #452

merged 4 commits into from Jun 30, 2021

Conversation

rndmh3ro
Copy link
Member

Fixes #365

Signed-off-by: rndmh3ro github@gumpri.ch

make sha rounds configurable and increase no of rounds
928b6ee 
Fixes #365

Signed-off-by: rndmh3ro <github@gumpri.ch>
@rndmh3ro rndmh3ro requested a review from schurzi June 28, 2021 06:43
@schurzi
Copy link
Contributor

schurzi commented Jun 28, 2021

since this setting only works for group passwords, should we also add the parameter rounds= to pam_unix.so in PAM configuration? I'd like this to have the same number of rounds as defined here.

make password rounds configurable in pam system-auth
71e5966 
Signed-off-by: rndmh3ro <github@gumpri.ch>
schurzi
schurzi approved these changes Jun 29, 2021
View reviewed changes
roles/os_hardening/README.md Outdated Show resolved Hide resolved
roles/os_hardening/README.md Outdated Show resolved Hide resolved
roles/os_hardening/defaults/main.yml Outdated Show resolved Hide resolved
roles/os_hardening/templates/etc/login.defs.j2 Outdated Show resolved Hide resolved
@rndmh3ro @schurzi
change wording of sha rounds documentation
bf9c080 
Co-authored-by: schurzi <Martin.Schurz@t-systems.com>
@rndmh3ro rndmh3ro merged commit 9cefddd into master Jun 30, 2021
@rndmh3ro rndmh3ro deleted the sha_rounds branch June 30, 2021 08:42
divialth pushed a commit to divialth/ansible-collection-hardening that referenced this pull request Aug 3, 2022
@rndmh3ro @schurzi
make sha rounds configurable and increase no of rounds (dev-sec#452)
2a6c197 
* make sha rounds configurable and increase no of rounds

Fixes dev-sec#365

Signed-off-by: rndmh3ro <github@gumpri.ch>

* Prettified Code!

* make password rounds configurable in pam system-auth

Signed-off-by: rndmh3ro <github@gumpri.ch>

* change wording of sha rounds documentation

Co-authored-by: schurzi <Martin.Schurz@t-systems.com>

Co-authored-by: schurzi <Martin.Schurz@t-systems.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@schurzi schurzi schurzi approved these changes

Assignees
No one assigned
Labels
enhancement minor os_hardening
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

SHA_CRYPT_MIN_ROUNDS should be increased in login.defs
2 participants
@rndmh3ro @schurzi