Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1975402 (yescrypt_shadow) - Use yescrypt as default hashing method for shadow passwords
Summary: Use yescrypt as default hashing method for shadow passwords
Keywords:
Status: ON_QA
Alias: yescrypt_shadow
Product: Fedora
Classification: Fedora
Component: Changes Tracking
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Björn 'besser82' Esser
QA Contact:
URL:
Whiteboard:
Depends On: yescrypt_accountsservice yescrypt_anaconda
Blocks: F35Changes
TreeView+ depends on / blocked
 
Reported: 2021-06-23 15:34 UTC by Ben Cotton
Modified: 2021-06-28 21:03 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Release Note
Doc Text:
Fedora now uses the yescrypt hash method for new passwords. There are no visible changes nor impacts to the end-user. Users are recommended to change their existing passwords after upgrading.
Clone Of:
Environment:
Last Closed:
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Ben Cotton 2021-06-23 15:34:22 UTC 
This is a tracking bug for Change: Use yescrypt as default hashing method for shadow passwords
For more details, see: https://fedoraproject.org/wiki/Changes/yescrypt_as_default_hashing_method_for_shadow

Make the yescrypt hashing method the default method used for new user passwords stored in /etc/shadow.

If you encounter a bug related to this Change, please do not comment here. Instead create a new bug and set it to block this bug.
Comment 1 Björn 'besser82' Esser 2021-06-23 18:19:40 UTC 
The userspace packages have been adjusted for this change and the corresponding builds should be in the next compose.


https://bodhi.fedoraproject.org/updates/FEDORA-2021-273253eaf1

***

The only package left, thats needs to be updated and build is anaconda.
Comment 2 Björn 'besser82' Esser 2021-06-25 19:09:06 UTC 
(In reply to Björn 'besser82' Esser from comment #1)
> The only package left, thats needs to be updated and build is anaconda.

accountsservice needs to be patched [1,2], too.


[1]  https://gitlab.freedesktop.org/accountsservice/accountsservice/-/merge_requests/74
[2]  https://src.fedoraproject.org/rpms/accountsservice/pull-request/4
Comment 3 Björn 'besser82' Esser 2021-06-27 21:45:59 UTC 
(In reply to Björn 'besser82' Esser from comment #2)
> (In reply to Björn 'besser82' Esser from comment #1)
> > The only package left, thats needs to be updated and build is anaconda.
> 
> accountsservice needs to be patched [1,2], too.
> 
> 
> [1] 
> https://gitlab.freedesktop.org/accountsservice/accountsservice/-/
> merge_requests/74
> [2]  https://src.fedoraproject.org/rpms/accountsservice/pull-request/4


Now there is just anaconda left to be released by upstream and updated in Fedora.

Changing to status modified, as the change is testable by the means of userspace tooling.
Comment 4 Björn 'besser82' Esser 2021-06-28 21:03:56 UTC 
anaconda-35.18-1 has landed in Rawhide and should be picked up in the next compose.

Changing to status ON_QA, as the change should very likely be 100% code complete now.
Note You need to log in before you can comment on or make changes to this bug.