Todo #4120

Improve passwd security

Added by Renato Botelho almost 5 years ago. Updated almost 4 years ago.

Status: Resolved
Priority: High
Category: -
Target version:
Start date: 12/17/2014
Due date:
% Done: 100%
Estimated time:

Description

A couple of things to be done to improve pfSense passwd:

- Change hash from MD5 to SHA512 or blowfish
- Start to create a salt for crypt() calls

Associated revisions

Revision f83284bf (diff)
Added by Jim Pingle almost 4 years ago

Also switch admin password in the default config.xml to bcrypt. Ticket #4120

History

#1 Updated by Jim Thompson almost 5 years ago

  • Priority changed from Normal to High

#2 Updated by Chris Buechler almost 5 years ago

  • Target version changed from 2.2.1 to 2.2.2

#3 Updated by Chris Buechler over 4 years ago

  • Target version changed from 2.2.2 to 2.2.3

#4 Updated by Chris Buechler over 4 years ago

  • Target version changed from 2.2.3 to 2.3

#5 Updated by Renato Botelho almost 4 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Pull request #2450 has been merged

#6 Updated by Jim Thompson almost 4 years ago

bump

#7 Updated by Renato Botelho almost 4 years ago

It's working fine AFAIK. I didn't see any problems reported.

Left it in feedback so more people can validate.

#8 Updated by Jim Pingle almost 4 years ago

  • Status changed from Feedback to Resolved

One place was missed (swapping the password for bcrypt-hash in /conf.default/config.xml); I pushed a correction for that. It's working well otherwise. Existing users are OK: when their passwords are changed, their hash is converted to bcrypt in the config and in passwd, old hashes are removed, and they can still log in to the GUI and over SSH. Looking through the repo, I can't find any other trace of the old hash, so I think we're set.
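
An added example, not part of the ticket or of pfSense's code: a small audit in the spirit of the final check described in note #8, classifying each password field in passwd-style lines by its crypt(3) format and reporting entries still on a legacy or unsalted hash. The `name:hash:...` line layout, the scheme labels and the sample data are assumptions constructed for illustration.

```python
import re

B64 = r"[./0-9A-Za-z]"
# crypt(3) modular-format patterns; the scheme labels are this example's own.
PATTERNS = [
    ("bcrypt", re.compile(rf"^\$2[abxy]?\$\d\d\${B64}{{53}}$")),
    ("sha512", re.compile(rf"^\$6\$(?:rounds=\d+\$)?{B64}{{1,16}}\${B64}{{86}}$")),
    ("md5", re.compile(rf"^\$1\${B64}{{1,8}}\${B64}{{22}}$")),
    ("md5-unsalted", re.compile(rf"^\$1\$\${B64}{{22}}$")),
    ("des", re.compile(rf"^{B64}{{13}}$")),
]
ACCEPTED = {"bcrypt", "sha512"}  # the ticket's targets (its "blowfish" is bcrypt)

def classify(field):
    """Return the scheme label for one passwd password field."""
    if field == "":
        return "empty"
    if field[0] in "*!":
        return "locked"  # no usable hash, nothing to migrate
    for name, pattern in PATTERNS:
        if pattern.match(field):
            return name
    return "unknown"

def audit(passwd_text):
    """Return [(line_no, user, scheme)] for entries without an accepted hash."""
    findings = []
    for no, line in enumerate(passwd_text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        scheme = classify(parts[1]) if len(parts) > 1 else "malformed"
        if scheme not in ACCEPTED and scheme != "locked":
            findings.append((no, parts[0], scheme))
    return findings

# Constructed sample: filler hash bodies of the right length, not real hashes.
SAMPLE = "\n".join([
    "# constructed passwd-style sample",
    "admin:$2b$10$" + "A" * 53 + ":0:0::0:0:Admin:/root:/bin/sh",
    "olduser:$1$abcdefgh$" + "B" * 22 + ":2000:65534::0:0:Old:/home/olduser:/bin/sh",
    "nosalt:$1$$" + "C" * 22 + ":2001:65534::0:0:NoSalt:/home/nosalt:/bin/sh",
    "daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin",
    "backup:$6$saltsaltsaltsalt$" + "D" * 86 + ":2002:65534::0:0:Bk:/home/backup:/bin/sh",
])

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty result means every non-locked entry already carries a bcrypt or SHA512 hash; anything listed still needs a password change to be converted.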
