diff options
| author | Xavier Del Campo Romero <xavi92@disroot.org> | 2025-10-08 13:50:52 +0200 |
|---|---|---|
| committer | Xavier Del Campo Romero <xavi92@disroot.org> | 2025-10-08 22:55:44 +0200 |
| commit | 10e42591ac72285736d5cc4ee5e7c2f68dbf1e4b (patch) | |
| tree | 3bb586177e375a6f7f91c0335876faefc28b805c /usergen | |
| parent | 805630dbfcd409a5d49bc89102f4183b71f713f9 (diff) | |
| download | slcl-10e42591ac72285736d5cc4ee5e7c2f68dbf1e4b.tar.gz | |
Replace OpenSSL with libsodium and argon2id
The SHA256-based password hashing algorithm used by slcl(1) and
usergen(1) is considered insecure against several kinds of attacks,
including brute force attacks. [1]
Therefore, a stronger password hashing algorithm based on the Argon2id
key derivation function is now used by default. While OpenSSL does
support Argon2id, it is only supported by very recent versions [2],
which are still not packaged by most distributions as of the time of
this writing. [3]
As an alternative to OpenSSL, libsodium [4] had several benefits:
- It provides easy-to-use functions for password hashing, base64
encoding/decoding and other cryptographic primitives used by slcl(1)
and usergen(1).
- It is packaged by most distributions [5], and most often only the patch
version differs, which ensures good compatibility across distributions.
Unfortunately, and as opposed to OpenSSL, libsodium does not come with
command-line tools. Therefore, usergen(1) had to be rewritten in C.
In order to maintain backwards compatiblity with existing databases,
slcl(1) and usergen(1) shall support the insecure, SHA256-based password
hashing algorithm. However, Argon2id shall now be the default choice for
usergen(1).
[1]: https://security.stackexchange.com/questions/195563/why-is-sha-256-not-good-for-passwords
[2]: https://docs.openssl.org/3.3/man7/EVP_KDF-ARGON2/
[3]: https://repology.org/project/openssl/versions
[4]: https://www.libsodium.org/
[5]: https://repology.org/project/libsodium/versions
Diffstat (limited to 'usergen')
| -rwxr-xr-x | usergen | 97 |
1 files changed, 0 insertions, 97 deletions
diff --git a/usergen b/usergen deleted file mode 100755 index eac072b..0000000 --- a/usergen +++ /dev/null @@ -1,97 +0,0 @@ -#! /bin/sh - -set -e - -usage() -{ - echo "$0 <dir>" -} - -to_hex() -{ - od -An -t x1 | tr -d ' ' | tr -d '\n' -} - -to_bin() -{ - sed -e 's,\([0-9a-f]\{2\}\),\\\\\\x\1,g' | xargs printf -} - -mktemp_posix() -{ - m4 <<EOF -mkstemp(${TMPDIR:-/tmp}/tmp.XXXXXX) -EOF -} - -if [ $# != 1 ]; then - usage >&2 - exit 1 -fi - -DIR=$1 - -echo Username: >&2 -IFS= read -r USER - -if printf '%s' "$USER" | grep -qe '[[:space:]]' -then - echo Username cannot contain whitespaces >&2 - exit 1 -fi - -DB="$DIR/db.json" - -if jq '.users[].name' "$DB" | grep -q $USER -then - echo User $USER already in $DB >&2 - exit 1 -fi - -TTYCFG=$(stty -g) -trap "stty $TTYCFG" INT QUIT TERM EXIT -stty -echo -echo Password: >&2 -IFS= read -r PWD -stty echo -# Force newline -echo - -echo "Quota, in MiB (leave empty for unlimited quota):" >&2 -read -r QUOTA -QUOTA="${QUOTA:+"$(printf '%d' "$QUOTA")"}" - -PWD=$(printf '%s' "$PWD" | to_hex) -SALT=$(openssl rand -hex 32) -KEY=$(openssl rand -hex 32) -PWD=$(printf '%s%s' "$SALT" "$PWD") - -ROUNDS=1000 - -for i in $(seq $ROUNDS) -do - printf "\r%d/$ROUNDS" $i >&2 - PWD=$(printf '%s' "$PWD" | to_bin | openssl sha256 -r | cut -d' ' -f1) -done - -echo >&2 -TMP=$(mktemp_posix) - -cleanup() -{ - rm -f $TMP -} - -trap cleanup EXIT - -jq ".users += [ -{ - \"name\": \"$USER\", - \"password\": \""$PWD"\", - \"salt\": \"$SALT\", - \"key\": \"$KEY\", - \"quota\": \"$QUOTA\" -}]" "$DB" > $TMP - -mkdir -p "$DIR/user/$USER" -mv $TMP "$DB" |