Todo #10298: Use SHA-512 for user password hashes - pfSense - pfSense bugtracker

Actions

Copy link

Todo #10298

closed

Use SHA-512 for user password hashes

Added by Viktor Gurov over 4 years ago. Updated about 3 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Viktor Gurov

Category:

Authentication

Target version:

2.6.0

Start date:

02/27/2020

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

22.01

Release Notes:

Description

function local_user_set_password() from auth.inc,
for now uses password_hash($password, PASSWORD_BCRYPT) function to create user password hash
from https://www.php.net/manual/en/function.password-hash.php:

PASSWORD_BCRYPT - Use the CRYPT_BLOWFISH algorithm to create the hash. 
This will produce a standard crypt() compatible hash using the "$2y$" identifier. 
The result will always be a 60 character string, or FALSE on failure.

Is it possible to use CNSA-compatible hashing for this operation?
From https://apps.nsa.gov/iaarchive/programs/iad-initiatives/cnsa-suite.cfm:
Use SHA-384 to protect up to TOP SECRET. ( http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf )

Using hash() ?
https://stackoverflow.com/questions/6431918/php-sha256-and-salt-wont-work

Related issues

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Todo #10298

Use SHA-512 for user password hashes

Updated by Brad Davis over 3 years ago

Updated by Brad Davis over 3 years ago

Updated by Jim Pingle over 3 years ago

Updated by Viktor Gurov over 3 years ago

Updated by Jim Pingle over 3 years ago

Updated by Jim Pingle over 3 years ago

Updated by Jim Pingle about 3 years ago

Updated by Jim Pingle about 3 years ago

Updated by Jim Pingle about 3 years ago

Updated by Viktor Gurov almost 3 years ago

Updated by Jim Pingle over 2 years ago