From 10e42591ac72285736d5cc4ee5e7c2f68dbf1e4b Mon Sep 17 00:00:00 2001 From: Xavier Del Campo Romero Date: Wed, 8 Oct 2025 13:50:52 +0200 Subject: Replace OpenSSL with libsodium and argon2id The SHA256-based password hashing algorithm used by slcl(1) and usergen(1) is considered insecure against several kinds of attacks, including brute force attacks. [1] Therefore, a stronger password hashing algorithm based on the Argon2id key derivation function is now used by default. While OpenSSL does support Argon2id, it is only supported by very recent versions [2], which are still not packaged by most distributions as of the time of this writing. [3] As an alternative to OpenSSL, libsodium [4] had several benefits: - It provides easy-to-use functions for password hashing, base64 encoding/decoding and other cryptographic primitives used by slcl(1) and usergen(1). - It is packaged by most distributions [5], and most often only the patch version differs, which ensures good compatibility across distributions. Unfortunately, and as opposed to OpenSSL, libsodium does not come with command-line tools. Therefore, usergen(1) had to be rewritten in C. In order to maintain backwards compatiblity with existing databases, slcl(1) and usergen(1) shall support the insecure, SHA256-based password hashing algorithm. However, Argon2id shall now be the default choice for usergen(1). [1]: https://security.stackexchange.com/questions/195563/why-is-sha-256-not-good-for-passwords [2]: https://docs.openssl.org/3.3/man7/EVP_KDF-ARGON2/ [3]: https://repology.org/project/openssl/versions [4]: https://www.libsodium.org/ [5]: https://repology.org/project/libsodium/versions --- usergen | 97 ----------------------------------------------------------------- 1 file changed, 97 deletions(-) delete mode 100755 usergen (limited to 'usergen') diff --git a/usergen b/usergen deleted file mode 100755 index eac072b..0000000 --- a/usergen +++ /dev/null @@ -1,97 +0,0 @@ -#! /bin/sh - -set -e - -usage() -{ - echo "$0 " -} - -to_hex() -{ - od -An -t x1 | tr -d ' ' | tr -d '\n' -} - -to_bin() -{ - sed -e 's,\([0-9a-f]\{2\}\),\\\\\\x\1,g' | xargs printf -} - -mktemp_posix() -{ - m4 <&2 - exit 1 -fi - -DIR=$1 - -echo Username: >&2 -IFS= read -r USER - -if printf '%s' "$USER" | grep -qe '[[:space:]]' -then - echo Username cannot contain whitespaces >&2 - exit 1 -fi - -DB="$DIR/db.json" - -if jq '.users[].name' "$DB" | grep -q $USER -then - echo User $USER already in $DB >&2 - exit 1 -fi - -TTYCFG=$(stty -g) -trap "stty $TTYCFG" INT QUIT TERM EXIT -stty -echo -echo Password: >&2 -IFS= read -r PWD -stty echo -# Force newline -echo - -echo "Quota, in MiB (leave empty for unlimited quota):" >&2 -read -r QUOTA -QUOTA="${QUOTA:+"$(printf '%d' "$QUOTA")"}" - -PWD=$(printf '%s' "$PWD" | to_hex) -SALT=$(openssl rand -hex 32) -KEY=$(openssl rand -hex 32) -PWD=$(printf '%s%s' "$SALT" "$PWD") - -ROUNDS=1000 - -for i in $(seq $ROUNDS) -do - printf "\r%d/$ROUNDS" $i >&2 - PWD=$(printf '%s' "$PWD" | to_bin | openssl sha256 -r | cut -d' ' -f1) -done - -echo >&2 -TMP=$(mktemp_posix) - -cleanup() -{ - rm -f $TMP -} - -trap cleanup EXIT - -jq ".users += [ -{ - \"name\": \"$USER\", - \"password\": \""$PWD"\", - \"salt\": \"$SALT\", - \"key\": \"$KEY\", - \"quota\": \"$QUOTA\" -}]" "$DB" > $TMP - -mkdir -p "$DIR/user/$USER" -mv $TMP "$DB" -- cgit v1.2.3