Skip to content

lib/salt.c: gensalt(): Default to SHA512 instead of DES #1454

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
alejandro-colomar wants to merge 3 commits into
base: master
Choose a base branch
from
Draft

lib/salt.c: gensalt(): Default to SHA512 instead of DES #1454

alejandro-colomar wants to merge 3 commits into from

Conversation

@alejandro-colomar
Copy link
Collaborator

@alejandro-colomar alejandro-colomar commented Dec 27, 2025

@alejandro-colomar
*: Make support for SHA256 and SHA512 unconditional
159c78f 
This is necessary for later changing the fallback from the insecure DES
to something secure such as SHA512.

Link: <shadow-maint#1278>
Cc: Andre Boscatto <[email protected]>
Cc: Iker Pedrosa <[email protected]>
Signed-off-by: Alejandro Colomar <[email protected]>
@alejandro-colomar
src/: Cosmetic
763838f 
Fix style.

Signed-off-by: Alejandro Colomar <[email protected]>
@alejandro-colomar alejandro-colomar self-assigned this Dec 27, 2025
@alejandro-colomar alejandro-colomar mentioned this pull request Dec 27, 2025
Draft
@alejandro-colomar
lib/salt.c: gensalt(): Default to SHA512 instead of DES
62a18aa 
DES is insecure; use it only if explicitly requested.

Closes: <shadow-maint#1278>
Reported-by: Andre Boscatto <[email protected]>
Cc: Iker Pedrosa <[email protected]>
Signed-off-by: Alejandro Colomar <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hallyn hallyn Awaiting requested review from hallyn

@ikerexxe ikerexxe Awaiting requested review from ikerexxe

At least 1 approving review is required to merge this pull request.

Assignees

@alejandro-colomar alejandro-colomar

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Fallback to DES when ENCRYPT_METHOD is unset is insecure: propose SHA512 or safe default

1 participant

@alejandro-colomar