[elbe-devel] [PATCH v3 6/7] preprocess: migrate root and user passwords
Bastian Germann
bage at linutronix.de
Tue Jan 24 12:36:00 CET 2023
Am 24.01.23 um 12:21 schrieb Kurt Kanzenbach:
> This generates hashes with rounds=656000. This takes up to 20 seconds
> for a login on an imx6. The machine is using one Cpu core to just
> calculate hashes...
>
> |>>> print(sha512_crypt.hash("root"))
> |$6$rounds=656000$8qZf5ztNihauoIno$vfnyfyrkedR/Gql686qHNlQ0RTb8DLLfYPRDGOzPAkeydeLJZJgWXzXCkBTmENQJRmvMlHw61dUWh11hFLjfV0
>
> Can we please use some meaningful defaults?
For the mean time, please just use passwd_hashed in your XML directly,
which was the point of the patch series posted by Holger.
We use the python library's default as that evolves with time to provide
more robust security depending on research and average computing power.
So, running elbe with older version of that library will give you a
different round size.
On Debian, use mkpasswd from whois package to create the password.
Hint: With bullseye and later, you can use better hashes which will be
more secure even if used with less demanding parameters.
More information about the elbe-devel
mailing list