lib/salt.c: gensalt(): Default to SHA512 instead of DES by alejandro-colomar · Pull Request #1454 · shadow-maint/shadow

alejandro-colomar · 2025-12-27T00:02:15Z

DES is insecure; use it only if explicitly requested.

Closes: Fallback to DES when ENCRYPT_METHOD is unset is insecure: propose SHA512 or safe default #1278
Reported-by:@andreboscatto
Cc: @ikerexxe

Do not merge before the release of 4.20.

Revisions:

v1b

Rebase

$ git rd 
1:  f4dd13ccb108 < -:  ------------ */: Remove support for MD5_CRYPT_ENAB
2:  85771ad90a6c < -:  ------------ lib/salt.c: Compact conditionals
3:  fdc32380c44a < -:  ------------ */: chpasswd(8): -m,--md5: Remove option
4:  43b5bef9f464 < -:  ------------ */: chgpasswd(8): -m,--md5: Remove option
5:  5bb41add8c8a = 1:  0c12025560a2 lib/salt.c: gensalt(): Default to SHA512 instead of DES

DES is insecure; use it only if explicitly requested. Closes: <shadow-maint#1278> Reported-by: Andre Boscatto <andreboscatto@gmail.com> Cc: Iker Pedrosa <ipedrosa@redhat.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>

alejandro-colomar requested review from hallyn and ikerexxe December 27, 2025 00:02

alejandro-colomar self-assigned this Dec 27, 2025

alejandro-colomar mentioned this pull request Dec 27, 2025

etc/, lib/, man/, tests/: Remove support for MD5_CRYPT_ENAB #1455

Merged

alejandro-colomar force-pushed the sha512 branch from 5b189b2 to 6417219 Compare December 27, 2025 01:23

alejandro-colomar added deprecation/removal and removed deprecation/removal labels Dec 27, 2025

alejandro-colomar force-pushed the sha512 branch from 6417219 to 62a18aa Compare December 27, 2025 01:38

alejandro-colomar force-pushed the sha512 branch 6 times, most recently from 321a6fa to 5bb41ad Compare February 23, 2026 17:07

lib/salt.c: gensalt(): Default to SHA512 instead of DES

0c12025

DES is insecure; use it only if explicitly requested. Closes: <shadow-maint#1278> Reported-by: Andre Boscatto <andreboscatto@gmail.com> Cc: Iker Pedrosa <ipedrosa@redhat.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>

alejandro-colomar force-pushed the sha512 branch from 5bb41ad to 0c12025 Compare February 25, 2026 15:57

alejandro-colomar marked this pull request as ready for review February 25, 2026 16:00

alejandro-colomar marked this pull request as draft February 25, 2026 16:00

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

lib/salt.c: gensalt(): Default to SHA512 instead of DES#1454

lib/salt.c: gensalt(): Default to SHA512 instead of DES#1454
alejandro-colomar wants to merge 1 commit intoshadow-maint:masterfrom
alejandro-colomar:sha512

alejandro-colomar commented Dec 27, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

alejandro-colomar commented Dec 27, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

alejandro-colomar commented Dec 27, 2025 •

edited

Loading