Feature #12962: Improve default sha512 password hashing rounds - pfSense - pfSense bugtracker

Actions

Copy link

Feature #12962

closed

Improve default sha512 password hashing rounds

Added by Phil Wardt about 2 years ago. Updated about 2 years ago.

Status:

Duplicate

Priority:

Normal

Assignee:

Category:

Authentication

Target version:

Start date:

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Default

Description

After this change: https://redmine.pfsense.org/issues/10298
The default encryption for passwords is sha512

However, by default, sha512 only does 5000 rounds of encryption which is very weak
Increase rounds to 800k to provide same bcrypt default 10 rounds password resilience

See: https://www.reddit.com/r/PFSENSE/comments/ssnp35/260_default_password_hashing_changed_from_bcrypt/

Git commit to fix the issue:

Actions

Copy link

Updated by Phil Wardt about 2 years ago

Here's the commit:
https://github.com/pfsense/pfsense/pull/4563

Actions

Copy link

Updated by Jim Pingle about 2 years ago

Status changed from New to Duplicate
Assignee deleted (~~Jim Pingle~~)
Priority changed from Very High to Normal

Already covered by multiple other issues.

See: #12855, #12800, #12863

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Feature #12962

Improve default sha512 password hashing rounds

Updated by Phil Wardt about 2 years ago

Updated by Jim Pingle about 2 years ago