You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A few people so far have asked about support for alternative password crypts, https://en.wikipedia.org/wiki/Yescrypt is possibly the most interesting since. This is a feature currently not possible to add since ietf-system.yang has a limitation to which crypts are available, see RFC7317 for details:
typedef crypt-hash {
type string {
pattern
'$0$.*'
+ '|$1$[a-zA-Z0-9./]{1,8}$[a-zA-Z0-9./]{22}'
+ '|$5$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{43}'
+ '|$6$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{86}';
}
description
"The crypt-hash type is used to store passwords using
a hash function. The algorithms for applying the hash
function and encoding the result are implemented in
various UNIX systems as the function crypt(3).
A value of this type matches one of the forms:
$0$<clear text password>
$<id>$<salt>$<password hash>
$<id>$<parameter>$<salt>$<password hash>
The '$0$' prefix signals that the value is clear text. When
such a value is received by the server, a hash value is
calculated, and the string '$<id>$<salt>$' or
$<id>$<parameter>$<salt>$ is prepended to the result. This
value is stored in the configuration data store.
To enable support for this the current investigation has detailed the following issues:
Add a deviation the IETF system password type to include $y$
Migrate from libgcrypt to libxcrypt, the former does not have yescrypt
You can help out by sponsoring the development, or contributing a pull request for its support. Use this issue for discussions around this topic.
The text was updated successfully, but these errors were encountered:
Classification:
Description:
A few people so far have asked about support for alternative password crypts, https://en.wikipedia.org/wiki/Yescrypt is possibly the most interesting since. This is a feature currently not possible to add since ietf-system.yang has a limitation to which crypts are available, see RFC7317 for details:
To enable support for this the current investigation has detailed the following issues:
$y$
You can help out by sponsoring the development, or contributing a pull request for its support. Use this issue for discussions around this topic.
The text was updated successfully, but these errors were encountered: