Todo #4120
closed
Improve passwd security
Start date: 12/17/2014
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Description
A couple of things to be done to improve pfSense passwd:
- Change hash from MD5 to SHA512 or blowfish
- Start creating a salt for crypt() calls
Updated by Chris Buechler over 9 years ago
- Target version changed from 2.2.1 to 2.2.2
Updated by Chris Buechler over 9 years ago
- Target version changed from 2.2.2 to 2.2.3
Updated by Chris Buechler over 9 years ago
- Target version changed from 2.2.3 to 2.3
Updated by Renato Botelho over 8 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Pull request #2450 has been merged
Updated by Renato Botelho over 8 years ago
It's working fine AFAIK. I didn't see any problems reported.
Left it in feedback so more people can validate.
Updated by Jim Pingle over 8 years ago
- Status changed from Feedback to Resolved
One place was missed (swapping the password for bcrypt-hash in /conf.default/config.xml); I pushed a correction for that. It's working well otherwise. Existing users are OK: when their passwords are changed, their hash is converted to bcrypt in the config and in passwd, old hashes are removed, and they can still log in to the GUI and over SSH. Looking through the repo, I can't find any other trace of the old hash, so I think we're set.
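An added example, not pfSense code and not part of the ticket: a Python audit for the migration described above, which classifies each user's stored hash by its crypt(3) prefix and flags accounts still on the old hash or carrying a leftover one next to the bcrypt hash. The `<user>`/`<name>`/`<password>`/`<bcrypt-hash>` layout and the sample hash values are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# crypt(3) modular-format prefixes mapped to scheme names.
SCHEMES = [
    ("bcrypt", re.compile(r"^\$2[abxy]?\$\d{2}\$[./A-Za-z0-9]{53}$")),
    ("sha512-crypt", re.compile(r"^\$6\$")),
    ("md5-crypt", re.compile(r"^\$1\$")),
]

def classify(value):
    """Name the hash scheme from its crypt(3) prefix, or 'unknown'."""
    for name, pattern in SCHEMES:
        if pattern.match(value):
            return name
    return "unknown"

def audit(config_xml):
    """Map each user to 'ok', 'stale-legacy', 'legacy-only (...)' or 'no-hash'."""
    report = {}
    for user in ET.fromstring(config_xml).iter("user"):
        name = user.findtext("name", default="(unnamed)")
        new = (user.findtext("bcrypt-hash") or "").strip()
        old = (user.findtext("password") or "").strip()
        if classify(new) == "bcrypt":
            # Converted; a leftover old element means cleanup was missed.
            report[name] = "stale-legacy" if old else "ok"
        elif old:
            report[name] = "legacy-only (" + classify(old) + ")"
        else:
            report[name] = "no-hash"
    return report

# Constructed sample: hash bodies are filler, not real password hashes.
BCRYPT = "$2y$10$" + "A" * 53
MD5 = "$1$saltsalt$" + "B" * 22
SAMPLE = f"""<pfsense><system>
  <user><name>admin</name><bcrypt-hash>{BCRYPT}</bcrypt-hash></user>
  <user><name>olduser</name><password>{MD5}</password></user>
  <user><name>halfway</name><bcrypt-hash>{BCRYPT}</bcrypt-hash>
        <password>{MD5}</password></user>
</system></pfsense>"""

if __name__ == "__main__":
    for user, status in audit(SAMPLE).items():
        print(f"{user}: {status}")
```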