authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2023-03-02 14:54:37 +0100
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2023-03-02 15:14:47 +0100
commit19ad6dc524bcf963d2c0725a36329cb1176533b4 (patch)
treeb2d4aa3f892798620555ee1a9fa9f9f9aeb0372f
parent62047982debe7bbfa1328d4229578486e70e34b2 (diff)
login: T5039: Support hashing rounds in `encrypted-password` values
Since glibc 2.7, the SHA-256 and SHA-512 implementations support a user-supplied number of hashing rounds, defaulting to 5000. If the "$id$" characters in the salt are followed by "rounds=xxx$", where xxx is an integer, then the result has the form $id$rounds=yyy$salt$encrypted where yyy is the number of hashing rounds actually used. The number of rounds actually used is 1000 if xxx is less than 1000, 999999999 if xxx is greater than 999999999, and is equal to xxx otherwise.
-rw-r--r--interface-definitions/system-login.xml.in4
1 files changed, 2 insertions, 2 deletions
diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in
index e71a647ef..b00741ffe 100644
--- a/interface-definitions/system-login.xml.in
+++ b/interface-definitions/system-login.xml.in
@@ -29,8 +29,8 @@
<regex>(\*|\!)</regex>
<regex>[a-zA-Z0-9\.\/]{13}</regex>
<regex>\$1\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{22}</regex>
- <regex>\$5\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{43}</regex>
- <regex>\$6\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{86}</regex>
+ <regex>\$5\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{43}</regex>
+ <regex>\$6\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{86}</regex>
</constraint>
<constraintErrorMessage>Invalid encrypted password for $VAR(../../@).</constraintErrorMessage>
</properties>
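Review bot: The new `rounds=[0-9]+` group on the `$5$` and `$6$` lines accepts any digit string, although the commit message says crypt only uses values from 1000 to 999999999 and substitutes the clamped value in its output. A value such as `rounds=1`, or one with leading zeros, passes validation here but presumably never equals the string crypt regenerates at login, so that account could not authenticate; bounding the group as `(rounds=[1-9][0-9]{3,8}\$)?` on both lines rejects such values at commit time. Values near the upper limit also make every password check very expensive, which is worth stating in the help text for this node. The enclosing `<constraint>` element starts above the hunk, so how these patterns are anchored is not visible here.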