missing yescrypt security hardening feature
Bug #2037742 reported by Mark Esler
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
subiquity | New | Undecided | Unassigned |
Bug Description
Johan Hortling reported a missing security hardening feature in Ubuntu Server.
The subiquity installer for Ubuntu Server uses sha-512 instead of yescrypt to hash the user's password. After installation, passwd uses yescrypt.
tags: added: foundations-todo
The annoying part of this is that it is not very easy at all to either (1) hash a password as passwd would do it (by using PAM APIs) or (2) figure out what algorithm PAM is using to hash passwords (it's in /etc/pam.d/common-password but not in a very friendly way).
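
An added example, not part of the bug report or of subiquity's code: one way to read the hashing option off the `password` line for `pam_unix.so` and compare it with the scheme prefix of a stored hash. The function names, the sample file contents and the hash strings in the comments are constructed for illustration, and the case where no option is given is reported as `None` rather than guessed.

```python
import re

# pam_unix options that select the password hashing scheme.
ALGO_OPTIONS = {"md5", "bigcrypt", "sha256", "sha512", "blowfish",
                "gost_yescrypt", "yescrypt"}
# crypt(5) prefixes as they appear in /etc/shadow, mapped to the same names.
CRYPT_PREFIXES = {"$1$": "md5", "$2a$": "blowfish", "$2b$": "blowfish",
                  "$2y$": "blowfish", "$5$": "sha256", "$6$": "sha512",
                  "$gy$": "gost_yescrypt", "$y$": "yescrypt"}
# type, control (plain word or bracketed list with spaces), module, arguments
PAM_LINE = re.compile(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

# Constructed sample in the style of /etc/pam.d/common-password.
SAMPLE_COMMON_PASSWORD = """\
# here are the per-package modules (the "Primary" block)
password\t[success=1 default=ignore]\tpam_unix.so obscure yescrypt
password\trequisite\tpam_deny.so
password\trequired\tpam_permit.so
"""

def pam_unix_algorithm(pam_text):
    """Return the hashing option on the 'password' pam_unix.so line, or None."""
    for line in pam_text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.split("#", 1)[0].strip()                 # drop comments
        m = PAM_LINE.match(line)
        if not m or m.group(1) != "password":
            continue
        if not m.group(3).endswith("pam_unix.so"):
            continue
        found = [o for o in m.group(4).split() if o in ALGO_OPTIONS]
        if len(found) > 1:
            raise ValueError(f"ambiguous hashing options: {found}")
        return found[0] if found else None   # None: no explicit option given
    return None

def crypt_scheme(shadow_hash):
    """Name the scheme of a crypt(5) string from its prefix, or None."""
    for prefix, name in CRYPT_PREFIXES.items():
        if shadow_hash.startswith(prefix):
            return name
    return None

def hash_matches_pam(shadow_hash, pam_text):
    """True when a stored hash uses the scheme PAM is configured to write."""
    algo = pam_unix_algorithm(pam_text)
    return algo is not None and crypt_scheme(shadow_hash) == algo
```

Run against an installed system's `/etc/pam.d/common-password` and the second field of a user's `/etc/shadow` entry, a `False` result flags an account whose hash was written with a different scheme than `passwd` would use.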