Comment 6 for bug 1807479

Earl Ruby (earlruby.org) wrote : Re: [Bug 1807479] Re: Hashed passwords stored as MD5 hashes in /etc/shadow

Is there a different repository where I should submit this PR?

On Thu, Mar 7, 2019 at 2:30 PM Dimitri John Ledkov <email address hidden>
wrote:

> ** Tags added: rls-dd-incoming
>
> ** Changed in: system-config-kickstart (Ubuntu)
> Assignee: (unassigned) => Canonical Foundations Team
> (canonical-foundations)
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1807479
>
> Title:
> Hashed passwords stored as MD5 hashes in /etc/shadow
>
> Status in system-config-kickstart package in Ubuntu:
> New
>
> Bug description:
> The root password (if specified) and initial user account password
> (required) are encrypted using an (insecure) MD5 hash. The resulting
> kickstart file will build virtual machines that store the MD5 hashed
> password in /etc/shadow for the root and/or initial user.
>
> Currently Ubuntu uses SHA512 for storing hashed passwords in
> /etc/shadow, but MD5 still works for the sake of backwards
> compatibility. Using MD5 hashes for any passwords is highly insecure
> and should be avoided.
>
> 1) The release of Ubuntu you are using, via 'lsb_release -rd' or
> System -> About Ubuntu
>
> $ lsb_release -rd
> Description: Ubuntu 18.10
> Release: 18.10
>
> 2) The version of the package you are using, via 'apt-cache policy
> pkgname' or by checking in Software Center
>
> $ apt-cache policy system-config-kickstart
> system-config-kickstart:
> Installed: 2.5.20-0ubuntu25
> Candidate: 2.5.20-0ubuntu25
> Version table:
> *** 2.5.20-0ubuntu25 500
> 500 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64
> Packages
> 500 http://us.archive.ubuntu.com/ubuntu bionic/universe i386
> Packages
> 100 /var/lib/dpkg/status
>
>
> 3) What you expected to happen
>
> I expected system-config-kickstart to use SHA512 for storing hashed
> passwords. (Hash starts with "$6$".)
>
> 4) What happened instead
>
> system-config-kickstart used MD5 for storing hashed passwords. (Hash
> starts with "$1$".)
>

--
Earl Ruby
http://earlruby.org/
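
The report above identifies the hashing scheme by its prefix: "$1$" for MD5 and "$6$" for SHA512. As an added example (not part of the original report and not code from system-config-kickstart), the following audit scans kickstart or shadow-format text and flags MD5 entries. The sample lines and hash values are constructed, and the prefixes other than "$1$" and "$6$" are common crypt(3) identifiers included for context.

```python
import re

# "$1$" (MD5) and "$6$" (SHA512) are the prefixes named in the bug report;
# the other ids are common crypt(3) schemes, listed for context.
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}
WEAK = {"md5crypt"}
# A modular-crypt token: $id$ followed by salt and hash characters.
TOKEN = re.compile(r"\$([0-9a-z]{1,2})\$[./A-Za-z0-9$=,]+")

SAMPLE = """\
# kickstart fragment (constructed)
rootpw --iscrypted $1$fakesalt$FAKEHASHFAKEHASHFAKEHA
user ubuntu --fullname "Ubuntu User" --iscrypted --password $6$fakesalt$FAKEHASHFAKEHASH
# shadow lines (constructed)
root:$1$fakesalt$FAKEHASHFAKEHASHFAKEHA:17800:0:99999:7:::
daemon:*:17800:0:99999:7:::
"""

def audit(text):
    """Return (line_no, subject, scheme, is_weak) for each hashed password."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        match = TOKEN.search(stripped)
        if not match:          # locked ("*", "!") or empty password fields
            continue
        words = stripped.split()
        # shadow: "name:hash:..."; kickstart: "rootpw ..." or "user name ..."
        if ":" in words[0]:
            subject = stripped.split(":", 1)[0]
        elif words[0] == "user" and len(words) > 1:
            subject = words[1]
        else:
            subject = words[0]
        scheme = SCHEMES.get(match.group(1), "unknown")
        findings.append((no, subject, scheme, scheme in WEAK))
    return findings

if __name__ == "__main__":
    for no, subject, scheme, weak in audit(SAMPLE):
        print(f"line {no}: {subject}: {scheme}{' (WEAK)' if weak else ''}")
```
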