summaryrefslogtreecommitdiff
path: root/interface-definitions/system-login.xml.in
diff options
context:
space:
mode:
authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2023-03-02 14:54:37 +0100
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2023-03-02 15:14:47 +0100
commit19ad6dc524bcf963d2c0725a36329cb1176533b4 (patch)
treeb2d4aa3f892798620555ee1a9fa9f9f9aeb0372f /interface-definitions/system-login.xml.in
parent62047982debe7bbfa1328d4229578486e70e34b2 (diff)
downloadvyos-1x-19ad6dc524bcf963d2c0725a36329cb1176533b4.tar.gz
vyos-1x-19ad6dc524bcf963d2c0725a36329cb1176533b4.zip
login: T5039: Support hashing rounds in `encrypted-password` values
Since glibc 2.7, the SHA-256 and SHA-512 implementations support a user-supplied number of hashing rounds, defaulting to 5000. If the "$id$" characters in the salt are followed by "rounds=xxx$", where xxx is an integer, then the result has the form $id$rounds=yyy$salt$encrypted where yyy is the number of hashing rounds actually used. The number of rounds actually used is 1000 if xxx is less than 1000, 999999999 if xxx is greater than 999999999, and is equal to xxx otherwise.
Diffstat (limited to 'interface-definitions/system-login.xml.in')
-rw-r--r--interface-definitions/system-login.xml.in4
1 files changed, 2 insertions, 2 deletions
diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in
index e71a647ef..b00741ffe 100644
--- a/interface-definitions/system-login.xml.in
+++ b/interface-definitions/system-login.xml.in
@@ -29,8 +29,8 @@
<regex>(\*|\!)</regex>
<regex>[a-zA-Z0-9\.\/]{13}</regex>
<regex>\$1\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{22}</regex>
- <regex>\$5\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{43}</regex>
- <regex>\$6\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{86}</regex>
+ <regex>\$5\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{43}</regex>
+ <regex>\$6\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{86}</regex>
</constraint>
<constraintErrorMessage>Invalid encrypted password for $VAR(../../@).</constraintErrorMessage>
</properties>