[Bug 1807479] Re: Hashed passwords stored as MD5 hashes in /etc/shadow
** Also affects: system-config-kickstart (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: system-config-kickstart (Ubuntu) Status: Triaged => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1807479 Title: Hashed passwords stored as MD5 hashes in /etc/shadow To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/system-config-kickstart/+bug/1807479/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1807479] Re: Hashed passwords stored as MD5 hashes in /etc/shadow
** Tags added: fr-294 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1807479 Title: Hashed passwords stored as MD5 hashes in /etc/shadow To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/system-config-kickstart/+bug/1807479/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1807479] Re: Hashed passwords stored as MD5 hashes in /etc/shadow
@earlruby.org I think you already filed the PR at the best place, i.e. at upstream. Ubuntu (and other distributions as well AFAIK) preferes carrying patches only when it is critical to the distribution and preferably only for a shorted period until it becomes available in a new upstream release. This patch don't seem to fit either category unless upstream accepts the patch. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1807479 Title: Hashed passwords stored as MD5 hashes in /etc/shadow To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/system-config-kickstart/+bug/1807479/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1807479] Re: Hashed passwords stored as MD5 hashes in /etc/shadow
** Tags removed: rls-dd-incoming -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1807479 Title: Hashed passwords stored as MD5 hashes in /etc/shadow To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/system-config-kickstart/+bug/1807479/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1807479] Re: Hashed passwords stored as MD5 hashes in /etc/shadow
** Tags added: id-5c93b5ed0e88b83056419916 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1807479 Title: Hashed passwords stored as MD5 hashes in /etc/shadow To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/system-config-kickstart/+bug/1807479/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1807479] Re: Hashed passwords stored as MD5 hashes in /etc/shadow
** Changed in: system-config-kickstart (Ubuntu) Assignee: Canonical Foundations Team (canonical-foundations) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1807479 Title: Hashed passwords stored as MD5 hashes in /etc/shadow To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/system-config-kickstart/+bug/1807479/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1807479] Re: Hashed passwords stored as MD5 hashes in /etc/shadow
** Changed in: system-config-kickstart (Ubuntu) Status: New => Triaged ** Changed in: system-config-kickstart (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1807479 Title: Hashed passwords stored as MD5 hashes in /etc/shadow To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/system-config-kickstart/+bug/1807479/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1807479] Re: Hashed passwords stored as MD5 hashes in /etc/shadow
Is there a different repository where I should submit this PR? On Thu, Mar 7, 2019 at 2:30 PM Dimitri John Ledkov wrote: > ** Tags added: rls-dd-incoming > > ** Changed in: system-config-kickstart (Ubuntu) > Assignee: (unassigned) => Canonical Foundations Team > (canonical-foundations) > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1807479 > > Title: > Hashed passwords stored as MD5 hashes in /etc/shadow > > Status in system-config-kickstart package in Ubuntu: > New > > Bug description: > The root password (if specified) and initial user account password > (required) are encrypted using an (insecure) MD5 hash. The resulting > kickstart file will build virtual machines that store the MD5 hashed > password in /etc/shadow for the root and/or initial user. > > Currently Ubuntu uses SHA512 for storing hashed passwords in > /etc/shadow, but MD5 still works for the sake of backwards > compatibility. Using MD5 hashes for any passwords is highly insecure > and should be avoided. > > 1) The release of Ubuntu you are using, via 'lsb_release -rd' or > System -> About Ubuntu > > $ lsb_release -rd > Description: Ubuntu 18.10 > Release: 18.10 > > 2) The version of the package you are using, via 'apt-cache policy > pkgname' or by checking in Software Center > > $ apt-cache policy system-config-kickstart > system-config-kickstart: > Installed: 2.5.20-0ubuntu25 > Candidate: 2.5.20-0ubuntu25 > Version table: >*** 2.5.20-0ubuntu25 500 > 500 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 > Packages > 500 http://us.archive.ubuntu.com/ubuntu bionic/universe i386 > Packages > 100 /var/lib/dpkg/status > > > 3) What you expected to happen > > I expected system-config-kickstart to use SHA512 for storing hashed > passwords. (Hash starts with "$6$".) > > 4) What happened instead > > system-config-kickstart used MD5 for storing hashed passwords. (Hash > starts with "$1$".) > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/system-config-kickstart/+bug/1807479/+subscriptions > -- Earl Ruby http://earlruby.org/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1807479 Title: Hashed passwords stored as MD5 hashes in /etc/shadow To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/system-config-kickstart/+bug/1807479/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1807479] Re: Hashed passwords stored as MD5 hashes in /etc/shadow
** Tags added: rls-dd-incoming ** Changed in: system-config-kickstart (Ubuntu) Assignee: (unassigned) => Canonical Foundations Team (canonical-foundations) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1807479 Title: Hashed passwords stored as MD5 hashes in /etc/shadow To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/system-config-kickstart/+bug/1807479/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1807479] Re: Hashed passwords stored as MD5 hashes in /etc/shadow
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1807479 Title: Hashed passwords stored as MD5 hashes in /etc/shadow To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/system-config-kickstart/+bug/1807479/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs