git.ipfire.org Git - people/stevee/ipfire-2.x.git/commitdiff
Revert "setup: Store passwords in SHA format"
author Michael Tremer <michael.tremer@ipfire.org>
Sat, 15 Oct 2016 21:38:01 +0000 (22:38 +0100)
committer Michael Tremer <michael.tremer@ipfire.org>
Sat, 15 Oct 2016 21:38:01 +0000 (22:38 +0100)
This reverts commit eef9b2529c3cab522dac4f4bcfa1a0075376514e.

It appears that htpasswd is not salting any passwords that are
stored with the SHA (-s) algorithm. MD5 passwords however are
salted.

That leads us to the conclusion that the "MD5 algorithm" in htpasswd
is more secure than the "SHA algorithm" although the hash function
itself should be stronger.

With a rainbow table, cracking "SHA" is easily done.

A rainbow table for "MD5" + salt would be way too large to be
efficiently stored.

Hence this commit is reverted to old behaviour to avoid the clear
failure of design in SHA.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
config/rootfiles/core/106/filelists/files
src/setup/passwords.c
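
The salting difference described in the commit message can be checked on an existing password file. The following is an added example, not code from this commit or from IPFire: it reproduces the `{SHA}` entry format (base64 of a bare SHA-1 digest) and flags unsalted entries in an htpasswd-style file. The user names, the sample password and the `$apr1$` placeholder field are constructed for the example.

```python
import base64
import hashlib


def htpasswd_sha(password: str) -> str:
    """Entry format written by `htpasswd -s`: base64 of a bare SHA-1, no salt."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def classify(entry: str) -> str:
    """Name the scheme of one htpasswd hash field by its prefix."""
    if entry.startswith("{SHA}"):
        return "sha1-unsalted"
    if entry.startswith("$apr1$"):
        return "apr1-md5-salted"
    if entry.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt-salted"
    return "other"


def audit(htpasswd_text: str) -> list[tuple[str, str]]:
    """Return (user, scheme) for every entry that carries no salt."""
    findings = []
    for line in htpasswd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, _, entry = line.partition(":")
        scheme = classify(entry)
        if scheme == "sha1-unsalted":
            findings.append((user, scheme))
    return findings


# Constructed sample file: two hypothetical users share a password; the apr1
# field is a made-up placeholder with the right shape, not a real hash.
SAMPLE = "\n".join([
    "admin:" + htpasswd_sha("example-password"),
    "user2:" + htpasswd_sha("example-password"),
    "backup:$apr1$Qx3vT9aB$0123456789abcdefghijkl",
])

if __name__ == "__main__":
    fields = [line.split(":", 1)[1] for line in SAMPLE.splitlines()]
    print("identical unsalted fields:", fields[0] == fields[1])
    for user, scheme in audit(SAMPLE):
        print(f"{user}: {scheme} -> set this password again with a salted scheme")
```

Because the `{SHA}` field depends only on the password, equal passwords give equal fields across users and systems, which is the property that makes precomputed tables usable against it.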

index fd363f321b60ae1eb53aaf9ce68b25c649837152..a67d30a4830df7a4892639ddff3f85db86501aa9 100644 (file)
@@ -22,5 +22,4 @@ srv/web/ipfire/cgi-bin/logs.cgi/log.dat
 srv/web/ipfire/cgi-bin/pakfire.cgi
 srv/web/ipfire/cgi-bin/pppsetup.cgi
 srv/web/ipfire/cgi-bin/services.cgi
-usr/sbin/setup
 var/ipfire/backup/include
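Review bot: Dropping `usr/sbin/setup` from the core 106 filelist means the binary rebuilt from the `src/setup/passwords.c` change in this same commit is not shipped by that update. That is only safe if no build of core 106 carrying the `-s` variant reached any system; please confirm, otherwise keep the entry so the reverted binary replaces it. Separately, an `admin` entry already written with `-s` stays unsalted in the `auth/users` file until the password is set again, which is worth a line in the release notes.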
index 50ee38ed73c22d2d3fededbbeb9c1035550bcd3a..e7b4b5231a0343f7c911808aa6f0d6079f191931 100644 (file)
@@ -56,7 +56,7 @@ int handleadminpassword(void)
                return 0;
        
        snprintf(commandstring, STRING_SIZE,
-               "/usr/sbin/htpasswd -c -s -b " CONFIG_ROOT "/auth/users admin '%s'", password);
+               "/usr/sbin/htpasswd -c -m -b " CONFIG_ROOT "/auth/users admin '%s'", password);
        sprintf(message, _("Setting %s 'admin' user password..."), NAME);
        if (runhiddencommandwithstatus(commandstring, _("Setting password"), message, NULL)) {
                sprintf(message, _("Problem setting %s 'admin' user password."), NAME);
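Review bot: On the `+` line the password is still substituted into `'%s'` in the command string and passed with `-b`, so a password containing a single quote ends the quoted argument, and the cleartext password sits in the process arguments while htpasswd runs. Consider handing the password to htpasswd on stdin (`-i`, where the shipped htpasswd has it) or running the program without a shell. The `snprintf` return value is also not compared with `STRING_SIZE`, so an overlong password produces a truncated command rather than an error. On the scheme itself, `-m` restores a salted hash, but if the shipped htpasswd supports `-B` (bcrypt), that would be a stronger choice than salted MD5.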