Bugzilla – Bug 1223089
[doc] Issue in "Password settings options", DES is not the default and definitely not a secure one
Last modified: 2024-06-05 11:34:11 UTC
Password settings options:
https://documentation.suse.com/sles/15-SP5/html/SLES-all/cha-configuration-installation-options.html#CreateProfile-Security-password

--- cut ---
4.28.1 Password settings options

Use this resource to activate one of the encryption methods currently supported. If not set, DES is configured. DES, the Linux default method, works in all network environments, but it restricts you to passwords no longer than eight characters. MD5 allows longer passwords, thus provides more security, but some network protocols do not support this, and you may have problems with NIS. Blowfish is also supported.
--- cut ---

This paragraph tells the user that DES is the default encryption method, but it's so insecure that it can't be true. I think it might need some hints from the security team for a bigger rewrite.

In YaST/AutoYaST, the default can be found here:
https://github.com/yast/yast-users/blob/SLE-15-SP5/src/lib/users/encryption_method.rb#L61

It's **sha512** (thx, jreidinger)
See also https://github.com/yast/yast-users/blob/SLE-15-SP5/src/lib/users/encryption_method.rb#L42-L58

    # "blowfish" is also known to UsersSimple, but it's not longer offered
    # as a valid option. See fate#312321
    LABELS = {
      # TRANSLATORS: encryption type
      "des"    => N_("DES"),
      # TRANSLATORS: encryption type
      "md5"    => N_("MD5"),
      # TRANSLATORS: encryption type
      "sha256" => N_("SHA-256"),
      # TRANSLATORS: encryption type
      "sha512" => N_("SHA-512")
    }.freeze
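To check which of the methods named in this bug (des, md5, blowfish, sha256, sha512) a system actually stores, the following added example classifies /etc/shadow password fields by their crypt(3) prefix and flags DES and MD5. It is not code from yast-users or from the bug reporter; the function names, the yescrypt entry and the sample entries are assumptions made for illustration.

```ruby
# Added example (not from yast-users): classify /etc/shadow password fields
# by crypt(3) prefix and flag the DES and MD5 schemes discussed in this bug.
SCHEMES = {
  "1" => "md5", "2a" => "blowfish", "2b" => "blowfish", "2y" => "blowfish",
  "5" => "sha256", "6" => "sha512", "y" => "yescrypt"
}.freeze
WEAK = %w[des md5].freeze

# Returns a scheme name, or :none (no usable hash) / :unknown.
def crypt_scheme(field)
  body = field.to_s.sub(/\A!+/, "") # "!" prefix marks a locked account
  return :none if body.empty? || body == "*"
  if (m = body.match(/\A\$([^$]+)\$/))
    return SCHEMES.fetch(m[1], :unknown)
  end
  # Traditional DES crypt has no "$" prefix: 2 salt chars + 11 hash chars.
  return "des" if body.match?(%r{\A[./0-9A-Za-z]{13}\z})
  :unknown
end

# Parses shadow-format text into one record per account.
def audit_shadow(text)
  text.each_line.map do |line|
    line = line.chomp
    next if line.empty? || line.start_with?("#")
    user, field = line.split(":", 3)
    scheme = crypt_scheme(field)
    { user: user, scheme: scheme, locked: field.to_s.start_with?("!"),
      weak: WEAK.include?(scheme) }
  end.compact
end

# Constructed sample entries; hash bodies are filler, not real hashes.
SAMPLE = [
  'root:$6$constructedsalt$' + "A" * 86 + ':19800:0:99999:7:::',
  'legacy:ab' + "C" * 11 + ':19800:0:99999:7:::',
  'nisuser:$1$saltsalt$' + "B" * 22 + ':19800:0:99999:7:::',
  'svc:!$6$constructedsalt$' + "D" * 86 + ':19800:0:99999:7:::',
  'daemon:*:19800::::::',
  'nopass::19800::::::'
].join("\n")

if __FILE__ == $PROGRAM_NAME
  audit_shadow(SAMPLE).each do |r|
    flag = r[:weak] ? "WEAK" : "ok"
    puts format("%-8s %-8s %s", r[:user], r[:scheme], flag)
  end
end
```

A locked account still carries its old hash after the "!" prefix, so the audit reports its scheme as well.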
Thank you for reporting this bug! It is being tracked and processed as part of our queue.
Tracked by https://github.com/SUSE/doc-sle/pull/1727