
List:       busybox
Subject:    Re: [PATCH] pw_encrypt: Add option to enable bcrypt support
From:       "Raffaello D. Di Napoli" <rafdev () dinapo ! li>
Date:       2020-05-07 23:43:41
Message-ID: 2250d85c-419e-933e-cef6-764791bd24e9 () dinapo ! li

On 07/05/20 14:57, Scott Court wrote:
> Adds an option to the Login/Password Management Utilities menu to enable bcrypt
> support in passwd and chpasswd.
>
> Add bcrypt support to BusyBox chpasswd & passwd.
>
> --- busybox/include/libbb.h
> +++ busybox-bcrypt/include/libbb.h
> @@ -1633,8 +1633,8 @@
>    * (otherwise we risk having same salt generated)
>    */
>   extern int crypt_make_salt(char *p, int cnt /*, int rnd*/) FAST_FUNC;
> -/* "$N$" + sha_salt_16_bytes + NUL */
> -#define MAX_PW_SALT_LEN (3 + 16 + 1)
> +/* "$Na$10$" + bcrypt_salt_24_bytes + NUL */
> +#define MAX_PW_SALT_LEN (7 + 24 + 1)
>   extern char* crypt_make_pw_salt(char p[MAX_PW_SALT_LEN], const char *algo) FAST_FUNC;
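
Review bot: MAX_PW_SALT_LEN grows from (3 + 16 + 1) to (7 + 24 + 1) for every build, and the comment documenting the existing "$N$" + 16-byte SHA salt layout is deleted even though that layout still applies whenever bcrypt is not selected. Keep the original comment and define, and put the bcrypt comment and the larger value under #if ENABLE_USE_BCRYPT, so that every caller declaring char p[MAX_PW_SALT_LEN] keeps its current buffer size when the option is off.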

Can you make this change conditional on ENABLE_USE_BCRYPT as well?

Ideally, leaving USE_BCRYPT to default (N) should result in the same code as before this change.


> --- busybox/libbb/pw_encrypt.c
> +++ busybox-bcrypt/libbb/pw_encrypt.c
> @@ -67,6 +67,17 @@
>   			len = 16/2;
>   		}
>   #endif
> +#if ENABLE_USE_BCRYPT
> +		if ((algo[0]|0x20) == 'b') { /* bcrypt */
> +			salt[1] = '2';
> +			salt[2] = 'a';
> +			*salt_ptr++ = '$';
> +			*salt_ptr++ = '1';
> +			*salt_ptr++ = '0';
> +			*salt_ptr++ = '$';
> +			len = 24/2;
> +		}
> +#endif
>   	}
>   	crypt_make_salt(salt_ptr, len);
>   	return salt_ptr;
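
Review bot: the bcrypt cost is fixed at 10 by the literal stores of '1' and '0' in the new branch, with no comment and no way to change it at build time. A named constant (or a Config.src value) for the cost, with a comment that this field is the log2 work factor, would make the choice visible and adjustable. Separately, len = 24/2 repeats by hand the 24 used in MAX_PW_SALT_LEN in libbb.h; a comment tying the two together would keep the buffer size and the generated salt length from drifting apart.
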
> --- busybox/loginutils/Config.src
> +++ busybox-bcrypt/loginutils/Config.src
> @@ -93,4 +93,14 @@
>   
>   INSERT
>   
> +config USE_BCRYPT
> +	bool "Enable the bcrypt crypt function"
> +	default n
> +	depends on !USE_BB_CRYPT
> +	help
> +	Enable this if you have passwords starting with $2a$ in your
> +	/etc/passwd or /etc/shadow files. These passwords are hashed
> +	using the bcrypt algorithm. Requires the use of a C library
> +	that supports bcrypt.
> +
>   endmenu
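
Review bot: the help text only describes existing hashes ("Enable this if you have passwords starting with $2a$"), while the code guarded by this option builds a "$2a$10$" salt for newly set passwords; the help should say that enabling it changes what passwd and chpasswd can write. The line "Requires the use of a C library that supports bcrypt" is stated only in prose: either document what the user should expect when the library's crypt() lacks bcrypt, or have the build check for it.
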
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox