News Draft: Default password hashing algorithm changed to yescrypt
Hi all,

with shadow 4.14.0 I introduced some changes to default password hashing algorithms and would like to post the following on the website once the relevant packages (filesystem, pambase, shadow) move to [core]:

```markdown
With shadow >= `4.14.0`, Arch Linux's default password hashing algorithm changed from `SHA512` to [yescrypt](https://www.openwall.com/yescrypt/) and [PAM](https://wiki.archlinux.org/title/PAM) honors the chosen `ENCRYPT_METHOD` in /etc/login.defs.

While this should not require any direct user intervention, do note that since we now fully integrate with PAM the `YESCRYPT_COST_FACTOR` setting in `/etc/login.defs` is currently without effect, until [PAM implements reading its value](https://github.com/linux-pam/linux-pam/issues/607). If a `YESCRYPT_COST_FACTOR` higher (or lower) than the default (`5`) is needed, it can be set using the `rounds` option of the [pam_unix](https://man.archlinux.org/man/pam_unix.8) module (i.e. in /etc/pam.d/system-auth).

Furthermore, additional changes in the filesystem (>= `2023.09.18`) and pambase (>= `20230918`) packages now ensure [umask](https://man.archlinux.org/man/umask.1p) being set centrally in /etc/login.defs instead of /etc/profile.
```

Best,
David

--
https://sleepmap.de
On 2023-09-19 09:43:17 (+0200), David Runge wrote:

I have been asked by Kristian Klausen (offlist) to add information on the motivation for using yescrypt as new default. I propose this update:
```markdown
With shadow >= `4.14.0`, Arch Linux's default password hashing algorithm changed from `SHA512` to [yescrypt](https://www.openwall.com/yescrypt/) and [PAM](https://wiki.archlinux.org/title/PAM) honors the chosen `ENCRYPT_METHOD` in /etc/login.defs.
The password-based key derivation function (KDF) and password hashing scheme `yescrypt` has been chosen due to its adoption (readily available in *libxcrypt*) and its stronger resilience towards password cracking attempts over `SHA512`. Although the winner of the [Password Hashing Competition](https://www.password-hashing.net/) has been `argon2`, this even more resilient algorithm is [not yet available in libxcrypt](https://github.com/besser82/libxcrypt/pull/150).
While this should not require any direct user intervention, do note that since we now fully integrate with PAM the `YESCRYPT_COST_FACTOR` setting in `/etc/login.defs` is currently without effect, until [PAM implements reading its value](https://github.com/linux-pam/linux-pam/issues/607). If a `YESCRYPT_COST_FACTOR` higher (or lower) than the default (`5`) is needed, it can be set using the `rounds` option of the [pam_unix](https://man.archlinux.org/man/pam_unix.8) module (i.e. in /etc/pam.d/system-auth).
Furthermore, additional changes in the filesystem (>= `2023.09.18`) and pambase (>= `20230918`) packages now ensure [umask](https://man.archlinux.org/man/umask.1p) being set centrally in /etc/login.defs instead of /etc/profile.
```

Best,
David

--
https://sleepmap.de
Hi again,

as the changes are rather diverse and manual intervention should not be needed, Leonidas and I have spent some time to restructure the text a bit for readability (also altered title slightly):

```markdown
With shadow >= `4.14.0`, Arch Linux's default password hashing algorithm changed from `SHA512` to [yescrypt](https://www.openwall.com/yescrypt/). Furthermore, the [umask](https://man.archlinux.org/man/umask.1p) settings are now configured in `/etc/login.defs` instead of `/etc/profile`. This should not require any manual intervention.

## Reasons for Yescrypt

The password-based key derivation function (KDF) and password hashing scheme `yescrypt` has been chosen due to its adoption (readily available in *libxcrypt*, which is used by [PAM](https://wiki.archlinux.org/title/PAM)) and its stronger resilience towards password cracking attempts over `SHA512`. Although the winner of the [Password Hashing Competition](https://www.password-hashing.net/) has been `argon2`, this even more resilient algorithm is [not yet available in libxcrypt](https://github.com/besser82/libxcrypt/pull/150).

## Configuring yescrypt

The `YESCRYPT_COST_FACTOR` setting in `/etc/login.defs` is currently without effect, until [PAM implements reading its value](https://github.com/linux-pam/linux-pam/issues/607). If a `YESCRYPT_COST_FACTOR` higher (or lower) than the default (`5`) is needed, it can be set using the `rounds` option of the [pam_unix](https://man.archlinux.org/man/pam_unix.8) module (i.e. in `/etc/pam.d/system-auth`).

## General list of changes

- `yescrypt` is used as default password hashing algorithm, instead of `SHA512`
- PAM honors the chosen `ENCRYPT_METHOD` in `/etc/login.defs` and does not override the chosen method anymore
- changes in the filesystem (>= `2023.09.18`) and pambase (>= `20230918`) packages ensure, that [umask](https://man.archlinux.org/man/umask.1p) is set centrally in `/etc/login.defs` instead of `/etc/profile`
```

Changes have been done collaboratively in a pad [1] as doing them bit by bit over mail is rather cumbersome.

Best,
David

[1] https://md.archlinux.org/Y5YE6OV8SCePY-sx-hVVXQ?view

--
https://sleepmap.de
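An added audit snippet (not part of the thread or of the Arch news text) for checking the effect of the change on an existing system: switching `ENCRYPT_METHOD` only affects hashes written afterwards, so accounts keep their old `$6$` (SHA512) hash until the password is next set. The functions read constructed shadow-format and login.defs lines from stdin; the hash bodies are placeholders, not real hashes.

```shell
#!/bin/sh
# Added example, not from the Arch news draft. Identifies the crypt(3) scheme
# of shadow entries so accounts still on pre-yescrypt hashes can be found.

# Map the hash prefix of one shadow line to a scheme name.
# Usage: hash_scheme 'user:$y$j9T$...:19614:0:99999:7:::'
hash_scheme() {
    _hash=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$_hash" in
        '$y$'*)                   echo yescrypt ;;
        '$7$'*)                   echo scrypt ;;
        '$6$'*)                   echo sha512 ;;
        '$5$'*)                   echo sha256 ;;
        '$2b$'*|'$2y$'*|'$2a$'*)  echo bcrypt ;;
        '$1$'*)                   echo md5 ;;
        '!'*|'*'|'')              echo locked ;;  # locked or no password
        *)                        echo unknown ;;
    esac
}

# Read shadow-format lines from stdin; print "user scheme" for every
# account whose password is neither yescrypt-hashed nor locked.
list_non_yescrypt() {
    while IFS= read -r line; do
        user=${line%%:*}
        scheme=$(hash_scheme "$line")
        case "$scheme" in
            yescrypt|locked) ;;
            *) printf '%s %s\n' "$user" "$scheme" ;;
        esac
    done
}

# Read login.defs from stdin; print the active ENCRYPT_METHOD value
# (commented-out lines do not match because $1 would start with '#').
encrypt_method() {
    awk '$1 == "ENCRYPT_METHOD" { print $2; exit }'
}

# Constructed sample data (placeholders, not real hashes or salts).
SAMPLE_SHADOW='root:$y$j9T$PLACEHOLDERSALT$PLACEHOLDERHASH:19614:0:99999:7:::
alice:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:19000:0:99999:7:::
bob:!:19000:0:99999:7:::
legacy:$1$PLACEHOLD$PLACEHOLDERHASH:15000:0:99999:7:::'
SAMPLE_LOGIN_DEFS='# ENCRYPT_METHOD SHA512
ENCRYPT_METHOD YESCRYPT
YESCRYPT_COST_FACTOR 5'

printf '%s\n' "$SAMPLE_SHADOW" | list_non_yescrypt        # alice sha512, legacy md5
printf '%s\n' "$SAMPLE_LOGIN_DEFS" | encrypt_method       # YESCRYPT
```

On a real system run it as root against `/etc/shadow` and `/etc/login.defs`; accounts it lists are re-hashed with yescrypt only when their password is changed, e.g. via `passwd`.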