Ubuntu
libxcrypt package

Salt string compatibility problem 4.4.10 focal

Bug #1915904 reported by Alex Handle
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libxcrypt (Ubuntu)
New
Undecided
Unassigned

Bug Description

After upgrading from Ubuntu 18.04 to 20.04 a lot of authentification problems appeared on our mail cluster (Postfix/Dovecot).

I found out it was due to the format of the salt in the hashed passphrase.
All non working hashes have a '&' character in the salt:

1$abcd&$F3E5DEjSFJpzgeU.Wzu/W.\

This salt format worked on Ubuntu 16.04 and 18.04:

perl -E 'say crypt($ARGV[0], $ARGV[1])' 'test' '$1$abcd&$F3E5DEjSFJpzgeU.Wzu/W.\'
$1$abcd&$F3E5DEjSFJpzgeU.Wzu/W.

But not on Ubuntu 20.04:

perl -E 'say crypt($ARGV[0], $ARGV[1])' 'test' '$1$abcd&$F3E5DEjSFJpzgeU.Wzu/W.\'
*0

The upstream already fixed this problem in libxcrypt 4.4.17:

"Salt string compatibility with generic implementations (issue #105)."

https://github.com/besser82/libxcrypt/blob/develop/NEWS

and here the link to the github issue and commit:

https://github.com/besser82/libxcrypt/issues/105
https://github.com/besser82/libxcrypt/commit/f05159c73a7415da1a8430ee2db6ec8035b5d2e8

It would be really nice if you could upgrade the version of libxcrypt to 4.4.17 for focal.
A package for Hirsute Hippo with 4.4.17 already exists and i installed it on one of our focal mail nodes which solved the problem, but i'm not sure if i should use libcrypt1 and libcrypt-dev dpkg from 21.04 developement version.

Thanks for your help,
Alex

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.