[syslinux] Requesting the removal of md5pass
Steffen Winterfeldt
wfeldt at suse.de
Tue Jun 28 04:12:09 PDT 2011
On Fri, 24 Jun 2011, H. Peter Anvin wrote:
> On 06/24/2011 09:32 AM, Dag Wieers wrote:
>>
>>>> PS2 For sha1pass there doesn't seem to be an equivalent in openssl,
>>>> but it
>>>> seems very useful to have that added to openssl as well (-4 ?).
>>>
>>> The particular SHA-1 password implementation in Syslinux is
>>> Syslinux-specific and probably pretty poor.
>>
>> Either there's a use for it (which may have a broader audience through
>> openssl) or there isn't and we could get rid of $4$... passwords ?
>>
>> Whatever we decide, do you think this is 4.05 or 4.10 material ?
>>
>
> Although deprecated, I want to keep the tool around for backward
> compatibility (SHA-1 passwords were the first encrypted passwords we
> supported.)
>
> This is low-risk material (easy to verify) so it can go into 4.05 if
> there is one.
>
> I would prefer the C-wrapper solution because it would avoid tying us to
> an external tool, and would also support $5$ and $6$ passwords even on
> platforms that normally don't have them.
How about that simple patch?
--- a/utils/md5pass
+++ b/utils/md5pass
@@ -1,7 +1,6 @@
#!/usr/bin/perl
use bytes;
-use Crypt::PasswdMD5;
use MIME::Base64;
sub random_bytes($) {
@@ -31,4 +30,4 @@ unless (defined($salt)) {
$salt =~ tr/\+/./; # . not +
}
-print unix_md5_crypt($pass, $salt), "\n";
+print crypt($pass, "\$1\$$salt\$"), "\n";
More information about the Syslinux
mailing list