[Buildroot] [PATCH 1/2] system cfg: default mkpasswd to SHA

Yann E. MORIN yann.morin.1998 at free.fr
Wed Dec 5 21:54:41 UTC 2018


Matt, All,

On 2018-12-05 10:33 -0600, Matt Weber spake thusly:
> This patch drops the comment about checking the C libraries version as
> they now all support it by default
>     glibc 2.7+
>     uclibc (bdd8362a88 package/uclibc: defconfig: enable sha-256...)
>     musl 1.1.14+
> 
> This patch updates the help text and changes the default mkpasswd
> method to SHA256 from MD5

Really, this patch does two things:

  - update my now-wrong comments,

  - switch to using sha256 as the default;

so it should be two patches.

Besides, more comments, below...

> Cc: Yann E. MORIN <yann.morin.1998 at free.fr>
> Signed-off-by: Matthew Weber <matthew.weber at rockwellcollins.com>
> ---
>  system/Config.in | 14 +++-----------
>  1 file changed, 3 insertions(+), 11 deletions(-)
> 
> diff --git a/system/Config.in b/system/Config.in
> index 9e34f11..2123d33 100644
> --- a/system/Config.in
> +++ b/system/Config.in
> @@ -61,7 +61,7 @@ endif
>  
>  choice
>  	bool "Passwords encoding"
> -	default BR2_TARGET_GENERIC_PASSWD_MD5
> +	default BR2_TARGET_GENERIC_PASSWD_SHA256
>  	help
>  	  Choose the password encoding scheme to use when Buildroot
>  	  needs to encode a password (eg. the root password, below).
> @@ -81,20 +81,12 @@ config BR2_TARGET_GENERIC_PASSWD_MD5
>  config BR2_TARGET_GENERIC_PASSWD_SHA256
>  	bool "sha-256"
>  	help
> -	  Use SHA256 to encode passwords.
> -
> -	  Very strong, but not ubiquitous, although available in glibc
> -	  for some time now. Choose only if you are sure your C library
> -	  understands SHA256 passwords.
> +	  Use SHA256 to encode passwords which is stronger then MD5.

s/then/than/

>  config BR2_TARGET_GENERIC_PASSWD_SHA512
>  	bool "sha-512"
>  	help
> -	  Use SHA512 to encode passwords.
> -
> -	  Extremely strong, but not ubiquitous, although available in
> -	  glibc for some time now. Choose only if you are sure your C
> -	  library understands SHA512 passwords.
> +	  Use SHA512 to encode passwords which is stronger then SHA256

s/then/than/

With that fix, and the patch split in two, you can add, to each, my:

    Reviewed-by: "Yann E. MORIN" <yann.morin.1998 at free.fr>

Regards,
Yann E. MORIN.

>  endchoice # Passwd encoding
>  
> -- 
> 1.9.1
> 

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'


More information about the buildroot mailing list