Feature changed by: Jan Engelhardt (jengelh) Feature #312321, revision 11 Title: Replace blowfish with sha512 as password hash openSUSE Distribution: Implementation Priority Requester: Important Requested by: Thorsten Kukuk (kukuk) Partner organization: openSUSE.org Description: Since upstream has meanwhile a good replacement for DES crypt (sha256 and sha512), we should follow the other distributions and switch to sha512 as default password hash for local accounts. For openSUSE this means: * Make sha512 the new password hash in pwdutils * add support for sha512 to YaST (core, security) * Remove blowfish as option from YaST2 * Drop libxcrypt Business case (Partner benefit): openSUSE.org: More secure password hashing, which are harder to crack with passwd cracking software. Discussion: #1: Bruno Friedmann (bruno_friedmann) (2011-05-17 17:24:55) Want to add me as interested but get an error Errorcode: 0 Message: undefined method `next=' for nil:NilClass #2: Thomas Schmidt (digitaltomm) (2011-05-17 17:35:32) (reply to #1) Please try again, that was caused because the product openSUSE 11.5 was not created completely. #3: Thorsten Kukuk (kukuk) (2011-05-18 15:21:35) pwdutils is adjusted. Lukas, can you please remove blowfish from YaST2 as option to choose and link yast2-core against libcrypt and not libxcrypt? #4: Ludwig Nussel (lnussel) (2011-07-06 14:56:32) (reply to #3) I've filed a separate feature for dropping libxcrypt as a clean solution requires a glibc with gensalt functions to avoid copies of them everywhere -> 312617. #6: Ludwig Nussel (lnussel) (2011-07-11 14:58:41) (reply to #3) unfortunately the yast interface to the crypt functions is not as flexible as it should be. yast has separate built-in functions for each hash so adding support for sha512 requires adding a new built-in rather than just passing down some different salt string. #5: Robert Davies (robopensuse) (2011-07-06 15:26:42) Background for those who haven't seen it. Migration of current from "blowfish" hashed passwords, ought to be mandatory, because of the sign extension bug that's been found (in "John the Ripper". As, current user passwords would have to be changed anyway, it makes sense to force migrate to sha512 anyway as part of update. See "A hole in crypt_blowfish" http://lwn.net/Articles/448699/ (http://lwn.net/Articles/448699/) for explanation of the problem & discussion. Executive summary "crypt_blowfish developer Alexander Peslyak (aka Solar Designer) analyzed the effects of the bug and found that some password pairs would hash to the same value with only minimal differences (e.g. "ab£" hashed to the same value as "£"), which would make password cracking easier. A further analysis shows that some characters appearing just before one with the high bit set may be effectively ignored when calculating the hash." + #7: Jan Engelhardt (jengelh) (2011-07-12 15:39:29) (reply to #5) + The hole in crypt_blowfish has nothing to do with a desire to move off + Blowfish. It's much more that Glibc has never offered Blowfish and + openSUSE carried a patch for it, whereas SHA-512 is available + upstream. -- openSUSE Feature: https://features.opensuse.org/312321