Bug 11201

Summary: crypt()
Product: Busybox
Reporter: Dhiraj <mishra.dhiraj95>
Component: Other
Assignee: unassigned
Status: RESOLVED INVALID
Severity: normal
CC: busybox-cvs
Priority: P5
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Host:
Target:
Build:

Description Dhiraj 2018-07-26 20:27:23 UTC
File:/master/libbb/pw_encrypt.c#L151

The function crypt() is a poor one-way hashing algorithm; since it only accepts passwords of 8 characters or fewer, and only a two-byte salt, it is excessively vulnerable to dictionary/brute-force-based attacks given today's faster computing equipment.

Use a different algorithm, such as SHA-1, with a larger non-repeating salt.

Comment 1 Denys Vlasenko 2018-07-31 11:42:09 UTC
What do you think pw_encrypt_sha.c is for?
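
The thread turns on which crypt() scheme a stored password actually uses: the traditional DES form described in the report, or a salted SHA-2 form such as the one the reply points to. The following audit script is an added example, not part of the bug thread or of BusyBox; it classifies the password field of shadow-style entries by format, and the sample entries and function names are constructed for illustration.

```python
import re

# Traditional DES crypt() output: 2 salt characters followed by 11 hash characters.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt format prefixes for the MD5 and SHA-2 based schemes.
PREFIXES = {"$1$": "md5", "$5$": "sha256", "$6$": "sha512"}

# Constructed sample in /etc/shadow layout; the hash fields are fake placeholders.
SAMPLE_SHADOW = """\
root:$6$saltsalt$constructedhashvalue:17738:0:99999:7:::
alice:ab0123456789A:17738:0:99999:7:::
bob:$1$saltsalt$constructedhashvalue:17738:0:99999:7:::
daemon:*:17738:0:99999:7:::
carol:!$6$saltsalt$constructedhashvalue:17738:0:99999:7:::
"""


def classify(hash_field):
    """Return the scheme name for one shadow password field."""
    if hash_field == "":
        return "empty"
    if hash_field[0] in "!*":
        return "locked"  # no usable password, whatever follows the marker
    for prefix, name in PREFIXES.items():
        if hash_field.startswith(prefix):
            return name
    if DES_RE.match(hash_field):
        return "des"  # 8-character limit and two-character salt, as in the report
    return "unknown"


def audit(shadow_text):
    """Map each user name to the scheme of its password field."""
    result = {}
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or not fields[0] or fields[0].startswith("#"):
            continue
        result[fields[0]] = classify(fields[1])
    return result


def legacy_des_users(shadow_text):
    """Users whose password is still stored with traditional DES crypt()."""
    return sorted(u for u, s in audit(shadow_text).items() if s == "des")


if __name__ == "__main__":
    for user, scheme in audit(SAMPLE_SHADOW).items():
        print(f"{user:8} {scheme}")
    print("legacy DES:", legacy_des_users(SAMPLE_SHADOW))
```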