Changeset aea16f6

Timestamp:

11/25/2022 08:30:45 AM (17 months ago)

Author:

Pierre Labastie <pierre.labastie@…>

Branches:

11.3, 11.3-rc1, 12.0, 12.0-rc1, 12.1, 12.1-rc1, bdubbs/gcc13, multilib, renodr/libudev-from-systemd, trunk, xry111/arm64, xry111/arm64-12.0, xry111/clfs-ng, xry111/loongarch, xry111/loongarch-12.0, xry111/loongarch-12.1, xry111/mips64el, xry111/update-glibc

Children:

295e337, 43063fe

Parents:

9a23a75

Message:

Sync shadow "rounds" parameter to blfs

Otherwise, As Xi has noticed, the password set for root at the end
of lfs may use the value 5000 for rounds, and not be changed, even
if later the number of rounds is increased.

File:

• chapter08/shadow.xml (modified) (2 diffs)

chapter08/shadow.xml

@@ -63 +63 @@
     <emphasis>crypt</emphasis> method, use the more secure
     <emphasis>SHA-512</emphasis> method of password encryption, which also
-    allows passwords longer than 8 characters. It is also necessary to change
+    allows passwords longer than 8 characters. In addition, set the number of
+    rounds to 500,000 instead of the default 5000, which is much too low to
+    prevent brute force password attacks. It is also necessary to change
     the obsolete <filename class="directory">/var/spool/mail</filename> location
     for user mailboxes that Shadow uses by default to the <filename
@@ -81 +83 @@
 
 <screen><userinput remap="pre">sed -e 's:#ENCRYPT_METHOD DES:ENCRYPT_METHOD SHA512:' \
+    -e 's@#\(SHA_CRYPT_..._ROUNDS 5000\)@\100@'       \
     -e 's:/var/spool/mail:/var/mail:'                 \
     -e '/PATH=/{s@/sbin:@@;s@/bin:@@}'                \