mirror of
https://git.proxmox.com/git/proxmox
synced 2025-07-24 18:45:34 +00:00
f82bb2fc2b
previously we used `sha256scrypt` for password hashing. while this may by safe if used with the correct parameters, we used the default parameters which are considered unsafe. according to `man crypt(5)`: > The default CPU time cost parameter is 5000, which is too low for > modern hardware. hence, we needed to adapt this code anyway. conveniently, verification with crypt also works for older hashes as the parameters for the hashing function are encoded in the output of crypt. so this is a drop in replacement that will simply use yescrypt for new hashes while old hashes will still verify properly. this commit also adds a wrapper for `crypt_gensalt_rn` to more easily generate correctly formatted salt strings. this is also useful for switching the cpu time hardness parameter, as otherwise we'd need to encode that ourselves. Signed-off-by: Stefan Sterz <s.sterz@proxmox.com> |
||
|---|---|---|
| .. | ||
| debian | ||
| src | ||
| tests | ||
| Cargo.toml | ||