From 19ad6dc524bcf963d2c0725a36329cb1176533b4 Mon Sep 17 00:00:00 2001 From: sarthurdev <965089+sarthurdev@users.noreply.github.com> Date: Thu, 2 Mar 2023 14:54:37 +0100 Subject: login: T5039: Support hashing rounds in `encrypted-password` values Since glibc 2.7, the SHA-256 and SHA-512 implementations support a user-supplied number of hashing rounds, defaulting to 5000. If the "$id$" characters in the salt are followed by "rounds=xxx$", where xxx is an integer, then the result has the form $id$rounds=yyy$salt$encrypted where yyy is the number of hashing rounds actually used. The number of rounds actually used is 1000 if xxx is less than 1000, 999999999 if xxx is greater than 999999999, and is equal to xxx otherwise. --- interface-definitions/system-login.xml.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in index e71a647ef..b00741ffe 100644 --- a/interface-definitions/system-login.xml.in +++ b/interface-definitions/system-login.xml.in @@ -29,8 +29,8 @@ (\*|\!) [a-zA-Z0-9\.\/]{13} \$1\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{22} - \$5\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{43} - \$6\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{86} + \$5\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{43} + \$6\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{86} Invalid encrypted password for $VAR(../../@). -- cgit v1.2.3