[Bug 2037742] Re: missing yescrypt security hardening feature
Michael Hudson-Doyle
2037742 at bugs.launchpad.net
Tue Oct 3 01:58:42 UTC 2023
The annoying part of this is that it is not very easy at all to either
(1) hash a password as passwd would do it (by using pam apis) or (2)
figure out what algorithm pam is using to hash passwords (it's in
/etc/pam.d/common-password but not in a very friendly way).
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2037742
Title:
missing yescrypt security hardening feature
Status in subiquity:
New
Bug description:
Johan Hortling reported a missing security hardening feature in Ubuntu
Server.
The subiquity installer for Ubuntu Server uses sha-512 instead of
yescrypt to hash the users password. After installation, passwd uses
yescrypt.
To manage notifications about this bug go to:
https://bugs.launchpad.net/subiquity/+bug/2037742/+subscriptions
More information about the foundations-bugs
mailing list