Todo #4120

closed

Improve passwd security

Added by Renato Botelho almost 7 years ago. Updated over 5 years ago.

Status: Resolved
Priority: High
Category: -
Target version:
Start date: 12/17/2014
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:

Description

A couple of things to be done to improve pfSense passwd:

- Change hash from MD5 to SHA512 or blowfish
- Start to create a salt for crypt() calls

Actions #1

Updated by Jim Thompson over 6 years ago

  • Priority changed from Normal to High

Actions #2

Updated by Chris Buechler over 6 years ago

  • Target version changed from 2.2.1 to 2.2.2

Actions #3

Updated by Chris Buechler over 6 years ago

  • Target version changed from 2.2.2 to 2.2.3

Actions #4

Updated by Chris Buechler over 6 years ago

  • Target version changed from 2.2.3 to 2.3

Actions #5

Updated by Renato Botelho over 5 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Pull request #2450 has been merged

Actions #6

Updated by Jim Thompson over 5 years ago

bump

Actions #7

Updated by Renato Botelho over 5 years ago

It's working fine AFAIK. I didn't see any problems reported.

Left it in feedback so more people can validate.

Actions #8

Updated by Jim Pingle over 5 years ago

  • Status changed from Feedback to Resolved

One place was missed (swapping the password for bcrypt-hash in /conf.default/config.xml); I pushed a correction for that. It's working well otherwise. Existing users are OK: when their passwords are changed, their hash is converted to bcrypt in the config and in passwd, old hashes are removed, and they can still log in to the GUI and over SSH. Looking through the repo, I can't find any other trace of the old hash, so I think we're set.
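One way to check which accounts in a passwd-style file are still on pre-migration hashes, as an added example that is not part of this ticket or of pfSense's code. The function names, the prefix table (limited to the schemes the ticket names) and the sample account lines are assumptions constructed for illustration.

```python
# Added example; every account line below is constructed sample data.
TARGETS = {"bcrypt", "sha512-crypt"}   # schemes the ticket names as replacements
PREFIXES = {"1": "md5-crypt", "2": "bcrypt", "2a": "bcrypt", "2b": "bcrypt",
            "2y": "bcrypt", "6": "sha512-crypt"}

def classify(field):
    """Return (scheme, work_factor, salt) for one crypt(3) password field."""
    if field == "*":
        return ("no-login", None, "")          # account has no usable password
    if not field.startswith("$"):
        return ("des-or-unknown", None, "")    # not in modular $id$ format
    parts = field.split("$")                   # ['', id, [params], salt, digest]
    scheme = PREFIXES.get(parts[1], "unknown")
    if scheme == "bcrypt":                     # $2y$<cost>$<22-char salt><digest>
        if len(parts) != 4 or not parts[2].isdigit():
            return ("unknown", None, "")
        return (scheme, int(parts[2]), parts[3][:22])
    rounds = None                              # optional "rounds=N" parameter
    if len(parts) > 2 and parts[2].startswith("rounds=") and parts[2][7:].isdigit():
        rounds = int(parts.pop(2)[7:])
    salt = parts[2] if len(parts) == 4 else ""
    return (scheme, rounds, salt)

def audit(passwd_text):
    """List (user, scheme, salted) for accounts still off the target schemes."""
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 2:
            continue
        scheme, _, salt = classify(fields[1])
        if scheme != "no-login" and (scheme not in TARGETS or not salt):
            findings.append((fields[0], scheme, bool(salt)))
    return findings

# Constructed accounts: digests are filler characters, not real hashes.
SAMPLE = "\n".join([
    "root:$2y$10$" + "A" * 53 + ":0:0::0:0:Root:/root:/bin/sh",
    "admin:$1$saltsalt$" + "B" * 22 + ":0:0::0:0:Admin:/root:/bin/sh",
    "nosalt:$1$$" + "C" * 22 + ":2000:65534::0:0:User:/home/nosalt:/sbin/nologin",
    "backup:$6$rounds=5000$saltsalt$" + "D" * 86 + ":2001:65534::0:0:B:/tmp:/bin/sh",
    "daemon:*:1:1::0:0:System:/root:/usr/sbin/nologin",
])

if __name__ == "__main__":
    for user, scheme, salted in audit(SAMPLE):
        print(f"{user}: {scheme}, salted={salted}")
```

Accounts listed by `audit` are the ones whose hash would only be converted the next time their password is changed.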
