[syslinux] Requesting the removal of md5pass
H. Peter Anvin
hpa at zytor.com
Fri Jun 24 10:03:13 PDT 2011
On 06/24/2011 09:32 AM, Dag Wieers wrote:
>
>>> PS2 For sha1pass there doesn't seem to be an equivalent in openssl,
>>> but it
>>> seems very useful to have that added to openssl as well (-4 ?).
>>
>> The particular SHA-1 password implementation in Syslinux is
>> Syslinux-specific and probably pretty poor.
>
> Either there's a use for it (which may have a broader audience through
> openssl) or there isn't and we could get rid of $4$... passwords ?
>
> Whatever we decide, do you think this is 4.05 or 4.10 material ?
>
Although deprecated, I want to keep the tool around for backward
compatibility (SHA-1 passwords were the first encrypted passwords we
supported.)
This is low-risk material (easy to verify) so it can go into 4.05 if
there is one.
I would prefer the C-wrapper solution because it would avoid tying us to
an external tool, and would also support $5$ and $6$ passwords even on
platforms that normally don't have them.
-hpa
--
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel. I don't speak on their behalf.
More information about the Syslinux
mailing list