From d75648f3264d83f98d7de10ad4fdc68809885bd5 Mon Sep 17 00:00:00 2001 From: "Lorenzo \"Palinuro\" Faletra" Date: Fri, 28 Jun 2024 12:55:25 +0000 Subject: [PATCH] [users] Use yescrypt instead of sha512 Use yescrypt instead of sha512 when CRYPT_GENSALT is not used and the salt is manually determined. yescrypt is the default key derivation function in almost every modern distro and grants higher levels of security. https://www.openwall.com/yescrypt/ --- src/modules/users/SetPasswordJob.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/users/SetPasswordJob.cpp b/src/modules/users/SetPasswordJob.cpp index f0c8b0b71..ad1cebcda 100644 --- a/src/modules/users/SetPasswordJob.cpp +++ b/src/modules/users/SetPasswordJob.cpp @@ -64,7 +64,7 @@ SetPasswordJob::make_salt( int length ) cWarning() << "Entropy data for salt is low-quality."; } - salt_string.insert( 0, "$6$" ); + salt_string.insert( 0, "$y$" ); salt_string.append( '$' ); return salt_string; }