FS#71393 - [shadow] Use yescrypt hash for passwords to improve security
Attached to Project:
Arch Linux
Opened by leazar (leazar) - Tuesday, 29 June 2021, 09:04 GMT
Last edited by David Runge (dvzrv) - Friday, 22 September 2023, 20:32 GMT
Details
SHA512 is designed to be fast (which makes it easier to
brute-force), while yescrypt is designed to resist password
cracking because it's computationally expensive and hard on
memory & GPU. Fedora is going to use it in its next
release
(https://fedoraproject.org/wiki/Changes/yescrypt_as_default_hashing_method_for_shadow).
Please consider changing the default hashing method for passwords to yescrypt.
Closed by David Runge (dvzrv)
Friday, 22 September 2023, 20:32 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed with 4.14.0-3
FS#69933 if FS#67393 is implemented these changes would be enough, otherwise the encryption method would need to be changed in the pam configs supplied by util-linux and pambase.
[1] https://src.fedoraproject.org/rpms/shadow-utils/blob/rawhide/f/shadow-4.8.1-yescrypt-support.patch
Good news: shadow 4.9 has been released with yescrypt support [4]; there is no need to patch it anymore. However, the package has not been updated yet.
Ideally, shadow and pambase could be updated simultaneously in order to use yescrypt as the default password hashing method.
[1]: https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/
[2]: https://tches.iacr.org/index.php/TCHES/article/view/8675
[3]: https://www.mdpi.com/2410-387X/1/2/10
[4]: https://github.com/shadow-maint/shadow/releases/tag/v4.9
FS#67393 seems dead). I wonder why security isn't taken more seriously. I quickly tested locally with yescrypt & sha512, and it works for login and changing passwords as expected. Let me know if there's anything I can do to help push this through?
Many thanks!
Update: I tested rolling back shadow to the official package, but with 'yescrypt' still enabled in /etc/pam.d/passwd and it seems that this patch isn't necessary - yescrypt still works without the change in the shadow PKGBUILD. Given that, it's hard for me to say how useful this change to shadow is...
Changes to the patches are made as fixups intended to be squashed into the four existing commits, in conjunction with
https://gitlab.archlinux.org/loqs/shadow/-/commits/shadow-4.14
https://gitlab.archlinux.org/loqs/pambase/-/commits/shadow-4.14
https://gitlab.archlinux.org/loqs/filesystem/-/commits/shadow-4.14
Implements
FS#67393, FS#71393, FS#66068. Not implemented:
FS#33677 (see issue) and FS#45903 (no response from those affected to proposed fix).
Edit:
I forgot to note additional changes for shadow 4.14.0:
Added --without-libbsd to avoid moving libbsd to core; shadow will use its own copy of readpassphrase [1], which does not appear to be used when pam is enabled.
Added --enable-lastlog to keep providing lastlog until util-linux provides lastlog2 [2].
[1] https://github.com/shadow-maint/shadow/issues/779
[2] https://github.com/util-linux/util-linux/pull/2164
```
--- /etc/pam.d/passwd.bak
+++ /etc/pam.d/passwd
@@ -1,2 +1,2 @@
#%PAM-1.0
-password required pam_unix.so sha512 shadow nullok
+password required pam_unix.so yescrypt shadow nullok
```
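Review bot: swapping `sha512` for `yescrypt` on this pam_unix.so line only covers the PAM path; anything that honours ENCRYPT_METHOD in /etc/login.defs (chpasswd with -e/-c/-m, as noted later in this thread) keeps using whatever login.defs says, so set `ENCRYPT_METHOD YESCRYPT` there as well so both paths agree. Two further caveats for anyone applying this: the change affects only hashes written from now on, so existing `$6$` entries in /etc/shadow stay sha512crypt until each user next changes their password, and `nullok` is carried over unchanged, which is worth a deliberate decision rather than an inheritance.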
It works well for me.
@GalaxySnail did it not work for you specifying "ENCRYPT_METHOD YESCRYPT" in /etc/login.defs and not overriding that in any PAM config?
chpasswd(1) follows /etc/login.defs in some cases. If the `-e`, `-c`, or `-m` option is passed, it follows /etc/login.defs and sets the password by itself [2]. Otherwise, it calls PAM directly.
[1] search `use_pam` in https://github.com/shadow-maint/shadow/blob/4.13/src/passwd.c
[2] https://github.com/shadow-maint/shadow/blob/4.13/src/chpasswd.c#L460
By the way, shadow's manual is outdated; only the source code is reliable.
In shadow 4.14.0, a new `-P, --prefix` option was added for passwd(1). If this option is passed, passwd(1) will follow /etc/login.defs. [3]
[3] https://github.com/shadow-maint/shadow/blob/4.14.0/src/passwd.c#L747-L752
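The exchange above turns on two things a practitioner wants to check after such a switch: whether /etc/login.defs (used by chpasswd -e/-c/-m and passwd --prefix) and the pam_unix.so line (used by passwd(1) via PAM) agree, and which accounts in /etc/shadow still carry an old `$6$` hash, since changing the configured method never rewrites existing hashes. The following auditor is an added example written for this thread, not code from shadow, pambase or Arch Linux. Its inputs are constructed samples standing in for the three files, and the hash strings are placeholders with the right crypt(3) `$id$` prefixes rather than real hashes; the method-name tables and the "password include" simplification are this example's assumptions.

```python
"""Audit configured vs. stored password-hashing methods on a shadow/PAM system.

Added example, not code from shadow, pambase or Arch Linux. Inputs below are
constructed samples; hash strings are placeholders, not real hashes.
"""
import re
from typing import Dict, List, Optional

# crypt(3) hash identifiers as written at the start of a shadow password field.
HASH_IDS = {
    "$y$": "yescrypt",
    "$gy$": "gost-yescrypt",
    "$7$": "scrypt",
    "$6$": "sha512crypt",
    "$5$": "sha256crypt",
    "$2b$": "bcrypt",
    "$2y$": "bcrypt",
    "$1$": "md5crypt",
}

# Names as used by ENCRYPT_METHOD in login.defs or as pam_unix.so options,
# normalised to the HASH_IDS names (assumed mapping for this example).
CONFIG_TO_METHOD = {
    "yescrypt": "yescrypt",
    "sha512": "sha512crypt",
    "sha256": "sha256crypt",
    "md5": "md5crypt",
    "blowfish": "bcrypt",
    "des": "descrypt",
}


def _normalise(name: str) -> str:
    return CONFIG_TO_METHOD.get(name.lower(), name.lower())


def login_defs_method(text: str) -> Optional[str]:
    """ENCRYPT_METHOD from login.defs content (normalised), or None if unset."""
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "ENCRYPT_METHOD":
            return _normalise(parts[1])
    return None


# "password <control> pam_unix.so <options...>"; control may be "[...]" with spaces.
_PAM_UNIX_PASSWORD = re.compile(r"^password\s+(\[[^\]]*\]|\S+)\s+pam_unix\.so\b(.*)$")


def pam_passwd_method(text: str) -> Optional[str]:
    """Method selected on the first pam_unix.so 'password' line, or None.

    Only this file is inspected; 'password include ...' lines are not
    followed (a simplification of this example).
    """
    for raw in text.splitlines():
        m = _PAM_UNIX_PASSWORD.match(raw.split("#", 1)[0].strip())
        if not m:
            continue
        for opt in m.group(2).split():
            if opt.lower() in CONFIG_TO_METHOD:
                return _normalise(opt)
        return None  # pam_unix.so line present, but no method option given
    return None


def classify_hash(field: str) -> Dict[str, object]:
    """Classify one shadow password field: algorithm used, and locked or not."""
    locked = field.startswith(("!", "*"))
    body = field.lstrip("!")
    if body == "":
        method = "empty"  # no password at all
    elif body.startswith("*"):
        method = "none"   # no valid hash (typical for system accounts)
    else:
        method = next((n for p, n in HASH_IDS.items() if body.startswith(p)), "unknown")
    return {"method": method, "locked": locked}


def parse_shadow(text: str) -> List[Dict[str, object]]:
    """Parse shadow(5) lines into [{'user', 'method', 'locked'}, ...]."""
    rows = []
    for raw in text.splitlines():
        fields = raw.split(":")
        if not raw.strip() or raw.startswith("#") or len(fields) < 2:
            continue
        rows.append({"user": fields[0], **classify_hash(fields[1])})
    return rows


def accounts_to_rehash(rows: List[Dict[str, object]], target: str) -> List[str]:
    """Users whose stored hash uses a real algorithm other than `target`;
    they keep that algorithm until their password is next changed."""
    return [str(r["user"]) for r in rows
            if r["method"] not in ("empty", "none", "unknown") and r["method"] != target]


def audit(login_defs: str, pam_passwd: str, shadow: str) -> Dict[str, object]:
    defs, pam, rows = login_defs_method(login_defs), pam_passwd_method(pam_passwd), parse_shadow(shadow)
    return {
        "login_defs": defs,
        "pam_passwd": pam,
        "consistent": defs is not None and pam is not None and defs == pam,
        "accounts": rows,
        "rehash_for_pam": accounts_to_rehash(rows, pam) if pam else [],
    }


# --- constructed samples (not taken from any real system) --------------------
LOGIN_DEFS = "# constructed sample\nENCRYPT_METHOD YESCRYPT\nYESCRYPT_COST_FACTOR 5\n"
PAM_PASSWD_BEFORE = "#%PAM-1.0\npassword required pam_unix.so sha512 shadow nullok\n"
PAM_PASSWD_AFTER = "#%PAM-1.0\npassword required pam_unix.so yescrypt shadow nullok\n"
SHADOW = "\n".join([
    "root:$y$j9T$SALTSALTSALTSALTSALTSA$PLACEHOLDERHASH:19600:0:99999:7:::",
    "alice:$6$salt$PLACEHOLDERHASH:19500:0:99999:7:::",
    "bob:!$6$salt$PLACEHOLDERHASH:19500:0:99999:7:::",  # locked, old hash kept
    "daemon:*:19000:0:99999:7:::",
    "guest::19000:0:99999:7:::",
])

if __name__ == "__main__":
    for pam_file in (PAM_PASSWD_BEFORE, PAM_PASSWD_AFTER):
        r = audit(LOGIN_DEFS, pam_file, SHADOW)
        print(f"login.defs={r['login_defs']} pam={r['pam_passwd']} "
              f"consistent={r['consistent']} rehash={r['rehash_for_pam']}")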
Please give it a thorough test and report back with any problems!
[1] https://lists.archlinux.org/archives/users/d4ab9c9aac3740aca7fc577020f054af/
[2] https://github.com/besser82/libxcrypt/pull/113