Author: jsuchome Date: Wed Jul 20 11:04:52 2011 New Revision: 64909 URL: http://svn.opensuse.org/viewcvs/yast?rev=64909&view=rev Log: - remove blowfish hash from selections (fate#312321) - 2.21.1 Modified: trunk/security/VERSION trunk/security/package/yast2-security.changes trunk/security/src/Security.ycp trunk/security/src/helps.ycp trunk/security/src/levels.ycp trunk/security/src/security.ycp trunk/security/src/widgets.ycp trunk/security/testsuite/tests/Level1.out trunk/security/testsuite/tests/Level2.out trunk/security/testsuite/tests/Level3.out trunk/security/testsuite/tests/Read.out trunk/security/testsuite/tests/Read.ycp trunk/security/testsuite/tests/Write.out Modified: trunk/security/VERSION URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/VERSION?rev=64909&r1... ============================================================================== --- trunk/security/VERSION (original) +++ trunk/security/VERSION Wed Jul 20 11:04:52 2011 @@ -1 +1 @@ -2.21.0 +2.21.1 Modified: trunk/security/package/yast2-security.changes URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/package/yast2-security.c... ============================================================================== --- trunk/security/package/yast2-security.changes (original) +++ trunk/security/package/yast2-security.changes Wed Jul 20 11:04:52 2011 
@@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Wed Jul 20 11:04:03 CEST 2011 - jsuchome@suse.cz + +- remove blowfish hash from selections (fate#312321) +- 2.21.1 + +------------------------------------------------------------------- Tue Apr 5 11:03:35 CEST 2011 - jsuchome@suse.cz - added support for SHA-2 based crypto methods (fate309705) Modified: trunk/security/src/Security.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/Security.ycp?rev=649... ============================================================================== --- trunk/security/src/Security.ycp (original) +++ trunk/security/src/Security.ycp Wed Jul 20 11:04:52 2011 @@ -122,7 +122,7 @@ "GID_MIN" : "1000", "DISPLAYMANAGER_SHUTDOWN" : "all", "LASTLOG_ENAB" : "yes", - "PASSWD_ENCRYPTION" : "blowfish", + "PASSWD_ENCRYPTION" : "sha512", "GROUP_ENCRYPTION" : "md5", "PASSWD_USE_CRACKLIB" : "yes", "PASS_MAX_DAYS" : "99999", @@ -241,21 +241,11 @@ global map PasswordMaxLengths = $[ "des" : 8, "md5" : 127, - "blowfish" : 72, "sha256" : 127, "sha512" : 127 ]; /** - * List of supported password encryption ciphers - */ -list<string> Ciphers = [ - // "des", - "md5", - "blowfish", -]; - -/** * Abort function * return boolean return true if abort */ @@ -330,6 +320,7 @@ global define boolean Read() { Settings = $[]; + modified = false; /* Read security settings */ 
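Review bot: In the `@@ -122,7 +122,7 @@` hunk of Security.ycp the default for user passwords moves to `sha512`, but the adjacent context line still reads `"GROUP_ENCRYPTION" : "md5"`, so group passwords keep the weaker default. If the group hash is produced by the same crypt backend (not visible in this diff), consider changing it in the same commit to `"GROUP_ENCRYPTION" : "sha512",`. Otherwise add a comment such as `// group passwords stay on md5 because <reason>` so the asymmetry reads as deliberate. The settings map starts and ends outside the hunk.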
@@ -381,12 +372,19 @@ // read the password hash settings string method = PamSettings::GetDefaultValue ("CRYPT_FILES"); + // change old default to new default automatically + if (method == "blowfish") + { + y2milestone ("found 'blowfish', changing to new default 'sha512'"); + method = "sha512"; + modified = true; + } if (method == nil || method == "" || - !contains (["des","md5","blowfish","sha256","sha512"],method)) + !contains (["des","md5","sha256","sha512"],method)) { method = PamSettings::GetHashMethod (); } - if (method == "" || !contains (["des","md5","blowfish","sha256","sha512"],method)) + if (method == "" || !contains (["des","md5","sha256","sha512"],method)) method = "des"; Settings["PASSWD_ENCRYPTION"] = method; Settings["GROUP_ENCRYPTION"] = PamSettings::GetGroupHashMethod (); @@ -429,8 +427,6 @@ Settings["PERMISSION_SECURITY"] = perm; y2debug("Settings=%1", Settings); - modified = false; - // remeber the read values Settings_bak = Settings; return true; @@ -530,7 +526,7 @@ Progress::NextStage(); /* pam stuff */ - string encr = Settings["PASSWD_ENCRYPTION"]:"blowfish"; + string encr = Settings["PASSWD_ENCRYPTION"]:"sha512"; PamSettings::SetDefaultValue ("CRYPT_FILES", encr); // use cracklib? Modified: trunk/security/src/helps.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/helps.ycp?rev=64909&... ============================================================================== --- trunk/security/src/helps.ycp (original) +++ trunk/security/src/helps.ycp Wed Jul 20 11:04:52 2011 @@ -126,7 +126,7 @@ _("<p><b>Password Encryption Method:</b></p>") + /* Password dialog help 5b/8 */ -_("<p><b>des</b>, the Linux default method, works in all network environments, +_("<p><b>DES</b>, the Linux default method, works in all network environments, but it restricts you to passwords no longer than eight characters. If you need compatibility with other systems, use this method.</p>") + 
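Review bot: In the `@@ -381,12 +372,19 @@` hunk the blowfish-to-sha512 rewrite is applied only to the `CRYPT_FILES` value, before the fallback to `PamSettings::GetHashMethod ()`. With `"blowfish"` dropped from both `contains` lists, a `"blowfish"` result from that fallback (whether it can return one is not visible here) now ends at `method = "des";`, the weakest choice with its eight-character limit. Apply the same mapping after the fallback as well, and make the last resort the new default, `method = "sha512";`, so an unrecognised value never downgrades the hash. The allowed list is written out twice; a single shared list (or the keys of `PasswordMaxLengths`) would keep both checks in step. Read() starts and ends outside the hunk.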
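Review bot: The help string in the `@@ -126,7 +126,7 @@` hunk of helps.ycp still calls DES "the Linux default method" and recommends it for compatibility, while the `@@ -135,9 +135,8 @@` hunk tells the user that SHA-512 is the current standard and the module default moves to `sha512`. The two paragraphs now contradict each other, and the first steers users toward a method that truncates passwords at eight characters. Consider rewording the opening to `<p><b>DES</b>, the traditional method, works in all network environments,` and keeping the length restriction as the stated reason to avoid it. The new SHA-512 sentence would also read better split in two: `... is the current standard hash method. Using other algorithms is not recommended unless needed for compatibility.`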
@@ -135,9 +135,8 @@ distributions, but not by other systems or old software.</p>") + /* Password dialog help 5d/8 */ -_("<p><b>Blowfish</b> is similar to MD5, but uses a different algorithm -to encrypt passwords. A lot of CPU power is needed to calculate the hash, -which makes it difficult to crack passwords with the help of a dictionary.</p>") +_("<p><b>SHA-512</b> is the current standard hash method, using other algorithms is not recommended unless needed for compatibility purpose.</p>") + + /* Password dialog help 7/8 */ Modified: trunk/security/src/levels.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/levels.ycp?rev=64909... ============================================================================== --- trunk/security/src/levels.ycp (original) +++ trunk/security/src/levels.ycp Wed Jul 20 11:04:52 2011 @@ -66,7 +66,7 @@ "GID_MIN" : "1000", "DISPLAYMANAGER_SHUTDOWN" : "all", "LASTLOG_ENAB" : "yes", - "PASSWD_ENCRYPTION" : "blowfish", + "PASSWD_ENCRYPTION" : "sha512", "PASSWD_USE_CRACKLIB" : "yes", "PASS_MAX_DAYS" : "99999", "PASS_MIN_DAYS" : "0", @@ -108,7 +108,7 @@ "GID_MIN" : "1000", "DISPLAYMANAGER_SHUTDOWN" : "root", "LASTLOG_ENAB" : "yes", - "PASSWD_ENCRYPTION" : "blowfish", + "PASSWD_ENCRYPTION" : "sha512", "PASSWD_USE_CRACKLIB" : "yes", "PASS_MAX_DAYS" : "99999", "PASS_MIN_DAYS" : "1", @@ -150,7 +150,7 @@ "GID_MIN" : "1000", "DISPLAYMANAGER_SHUTDOWN" : "root", "LASTLOG_ENAB" : "yes", - "PASSWD_ENCRYPTION" : "blowfish", + "PASSWD_ENCRYPTION" : "sha512", "PASSWD_USE_CRACKLIB" : "yes", "PASS_MAX_DAYS" : "99999", "PASS_MIN_DAYS" : "1", Modified: trunk/security/src/security.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/security.ycp?rev=649... ============================================================================== --- trunk/security/src/security.ycp (original) +++ trunk/security/src/security.ycp Wed Jul 20 11:04:52 2011 
@@ -159,7 +159,7 @@ // command line help text for 'set passwd' option "help" : _("Password encryption method"), "type" : "enum", - "typespec" : [ "des", "md5", "blowfish", "sha256", "sha512" ], + "typespec" : [ "des", "md5", "sha256", "sha512" ], ], "crack" : $[ // command line help text for 'set crack' option Modified: trunk/security/src/widgets.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/widgets.ycp?rev=6490... ============================================================================== --- trunk/security/src/widgets.ycp (original) +++ trunk/security/src/widgets.ycp Wed Jul 20 11:04:52 2011 @@ -166,7 +166,7 @@ /* ComboBox label */ "Label" : _("P&assword Encryption Method"), /* ComboBox values */ - "Options" : [["des","DES"],["md5","MD5"],["blowfish","Blowfish"], ["sha256", "SHA-256"], ["sha512", "SHA-512"]], + "Options" : [["des","DES"],["md5","MD5"],["sha256", "SHA-256"], ["sha512", "SHA-512"]], "Value" : "des", "Notify" : "yes", ], Modified: trunk/security/testsuite/tests/Level1.out URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/testsuite/tests/Level1.o... ============================================================================== --- trunk/security/testsuite/tests/Level1.out (original) +++ trunk/security/testsuite/tests/Level1.out Wed Jul 20 11:04:52 2011 
@@ -78,7 +78,7 @@
 Write .etc.inittab nil true
 Execute .target.bash "/sbin/telinit q" 0
 Read .etc.default.passwd."CRYPT_FILES" nil
-Write .etc.default.passwd."CRYPT_FILES" "blowfish" true
+Write .etc.default.passwd."CRYPT_FILES" "sha512" true
 Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib" $[]
 Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib-minlen" $[]
 Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[]
Modified: trunk/security/testsuite/tests/Level2.out
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/testsuite/tests/Level2.o...
==============================================================================
--- trunk/security/testsuite/tests/Level2.out (original)
+++ trunk/security/testsuite/tests/Level2.out Wed Jul 20 11:04:52 2011
@@ -78,7 +78,7 @@
 Write .etc.inittab nil true
 Execute .target.bash "/sbin/telinit q" 0
 Read .etc.default.passwd."CRYPT_FILES" nil
-Write .etc.default.passwd."CRYPT_FILES" "blowfish" true
+Write .etc.default.passwd."CRYPT_FILES" "sha512" true
 Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib" $[]
 Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib-minlen" $[]
 Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[]
Modified: trunk/security/testsuite/tests/Level3.out
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/testsuite/tests/Level3.o...
==============================================================================
--- trunk/security/testsuite/tests/Level3.out (original)
+++ trunk/security/testsuite/tests/Level3.out Wed Jul 20 11:04:52 2011
@@ -78,7 +78,7 @@ Write .etc.inittab nil true Execute .target.bash "/sbin/telinit q" 0 Read .etc.default.passwd."CRYPT_FILES" nil -Write .etc.default.passwd."CRYPT_FILES" "blowfish" true +Write .etc.default.passwd."CRYPT_FILES" "sha512" true Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib" $[] Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib" $[] Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib-minlen=6" $[] Modified: trunk/security/testsuite/tests/Read.out URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/testsuite/tests/Read.out... ============================================================================== --- trunk/security/testsuite/tests/Read.out (original) +++ trunk/security/testsuite/tests/Read.out Wed Jul 20 11:04:52 2011 @@ -56,3 +56,4 @@ Execute .target.bash_output "/usr/sbin/pam-config -q --cracklib" $[] Execute .target.bash_output "/usr/sbin/pam-config -q --pwhistory" $[] Return true +Dump sha512 Modified: trunk/security/testsuite/tests/Read.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/testsuite/tests/Read.ycp... ============================================================================== --- trunk/security/testsuite/tests/Read.ycp (original) +++ trunk/security/testsuite/tests/Read.ycp Wed Jul 20 11:04:52 2011 @@ -14,7 +14,7 @@ { -include "testsuite.ycp"; +import "Testsuite"; import "Security"; map scr_info = $[ @@ -97,6 +97,8 @@ ] ]; -TEST(``(Security::Read()),[scr_info,$[],E],nil); +Testsuite::Test (``(Security::Read()),[scr_info,$[],E],nil); +// read blowfish, changed to sha512 +Testsuite::Dump (Security::Settings["PASSWD_ENCRYPTION"]:nil); } Modified: trunk/security/testsuite/tests/Write.out URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/testsuite/tests/Write.ou... ============================================================================== --- trunk/security/testsuite/tests/Write.out (original) +++ trunk/security/testsuite/tests/Write.out Wed Jul 20 11:04:52 2011 
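Review bot: The `Testsuite::Dump` added in the `@@ -97,6 +97,8 @@` hunk of Read.ycp checks only the resulting `PASSWD_ENCRYPTION` value. It does not show that Read() marked the settings as modified, which is presumably what gets the migrated value written back. If that flag is a global of the Security module (its declaration is outside this diff), dump it as well, e.g. `Testsuite::Dump (Security::modified);`. A second case where `CRYPT_FILES` is unset and the PAM fallback supplies the method would cover the path that still ends in the `"des"` fallback.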
@@ -78,7 +78,7 @@
 Write .etc.inittab nil true
 Execute .target.bash "/sbin/telinit q" 0
 Read .etc.default.passwd."CRYPT_FILES" nil
-Write .etc.default.passwd."CRYPT_FILES" "blowfish" true
+Write .etc.default.passwd."CRYPT_FILES" "sha512" true
 Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib" $[]
 Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib-minlen" $[]
 Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[]
-- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org