[elbe-devel] [PATCH v3 6/7] preprocess: migrate root and user passwords

Holger Dengler holger at hdengler.de
Tue Jan 24 22:55:55 CET 2023


Hi Kurt,

On 24/01/2023 12:21, Kurt Kanzenbach wrote:
> Holger!
> 
> On Thu Jun 30 2022, Holger Dengler wrote:
>> Support legacy XMLs by adding a preprocessing for plain-text passwords
>> for root and users. The plain-text password elements or attributes will
>> be replaced with their hashed variants.
>>
>> XMLs with only hashed passwords will not be changed by the
>> preprocessing.
>>
>> Signed-off-by: Holger Dengler <holger at hdengler.de>
>> ---
[...]
> 
> This generates hashes with rounds=656000. This takes up to 20 seconds
> for a login on an imx6. The machine is using one CPU core to just
> calculate hashes...
> 
> |>>> print(sha512_crypt.hash("root"))
> |$6$rounds=656000$8qZf5ztNihauoIno$vfnyfyrkedR/Gql686qHNlQ0RTb8DLLfYPRDGOzPAkeydeLJZJgWXzXCkBTmENQJRmvMlHw61dUWh11hFLjfV0
> 
> Can we please use some meaningful defaults?

As mentioned in the commit message: the conversion of plaintext-passwords into their hashed variants is mainly a legacy feature. In my opinion, it is highly recommended to remove all plaintext-passwords from all production elbe-XMLs. Access credentials (like passwords and private keys) should be managed separately from the normal version-controlled code.

Another aspect is that I had to use the mechanism sha512crypt, so that the hashed passwords can also be processed by older Debian versions. As soon as you drop support for jessie, I would prefer to move forward with the hashing mechanism to the strongest supported on stretch.

Although the default for rounds in glibc's implementation is 5000, I would *not recommend* to use any lower number here. 656000 may waste a lot of cycles on an i.MX, but on a present x86-core, it should take less than a second (which is not really a good protection against a brute-force password-attack).

In summary:
- I would recommend to only use hashed-passwords in the elbe XMLs and generate them separately with the best hashing mechanism, supported by the Debian release of the target system.
- For login via ssh: my recommendation is to use key-based authentication instead of passwords (and HOTP/TOTP as a second factor).

BTW: one of my earlier patch series (v1 or v2) used Python's crypt library, which used the glibc default of 5000 rounds. Fortunately, Bastian asked me to move to passlib, which uses much better defaults with respect to security.

-- 
Regards,
Holger Dengler
--
holger at hdengler.de
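
An added example, not part of the message above or of the elbe code base: it reads the round count out of sha512crypt hash strings (falling back to the glibc default of 5000 when the `rounds=` field is absent) and scales the login time reported in the thread to other round counts. The 2-second login budget, the function names and the sample hashes are assumptions made for illustration.

```python
import re

# sha512crypt in modular crypt format: $6$[rounds=N$]salt$checksum
_SHA512_CRYPT = re.compile(
    r"^\$6\$(?:rounds=(?P<rounds>[0-9]+)\$)?"
    r"(?P<salt>[./0-9A-Za-z]{0,16})\$(?P<checksum>[./0-9A-Za-z]{86})$"
)
GLIBC_DEFAULT_ROUNDS = 5000                 # applies when "rounds=" is absent
MIN_ROUNDS, MAX_ROUNDS = 1000, 999_999_999  # glibc clamps to this range


def effective_rounds(hash_str):
    """Round count glibc will use when verifying this sha512crypt hash."""
    m = _SHA512_CRYPT.match(hash_str)
    if m is None:
        raise ValueError("not a well-formed sha512crypt ($6$) hash")
    if m.group("rounds") is None:
        return GLIBC_DEFAULT_ROUNDS
    return max(MIN_ROUNDS, min(MAX_ROUNDS, int(m.group("rounds"))))


def estimated_seconds(rounds, ref_rounds=656000, ref_seconds=20.0):
    """Scale a measured login time linearly to another round count.

    The defaults are the upper-bound figure reported in the thread for an
    imx6; replace them with a measurement from your own target.
    """
    return ref_seconds * rounds / ref_rounds


def audit(hashes, floor=GLIBC_DEFAULT_ROUNDS, budget_seconds=2.0):
    """Return {account: (rounds, est_seconds, verdict)} for each hash."""
    report = {}
    for account, hash_str in hashes.items():
        rounds = effective_rounds(hash_str)
        secs = estimated_seconds(rounds)
        if rounds < floor:
            verdict = "below floor"
        elif secs > budget_seconds:      # budget is an assumed policy value
            verdict = "over login budget"
        else:
            verdict = "ok"
        report[account] = (rounds, round(secs, 3), verdict)
    return report


# Constructed sample hashes: salt and checksum are filler, not real hashes.
SAMPLE = {
    "root": "$6$rounds=656000$constructedsalt0$" + "A" * 86,
    "svc": "$6$constructedsalt1$" + "B" * 86,
    "old": "$6$rounds=2000$constructedsalt2$" + "C" * 86,
}
```

Calling `audit(SAMPLE)` reports one verdict per account; the linear scaling is only an estimate, so measure on the target board before settling on a round count.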

