From 69301dfa24e8c4f2732fd92c137b04cea567e345 Mon Sep 17 00:00:00 2001
From: Topi Miettinen <toiwoton@gmail.com>
Date: Fri, 10 Apr 2020 14:09:55 +0300
Subject: [PATCH] login.defs: warn about weak choices

According to crypt(5), MD5 and DES should not be used for new
hashes. Also the default number of SHA rounds chosen by libc is orders
of magnitude too low for modern hardware. Let's warn the users about
weak choices.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
---
 etc/login.defs                            | 4 +++-
 man/login.defs.d/ENCRYPT_METHOD.xml       | 3 +++
 man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml | 2 +-
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/etc/login.defs b/etc/login.defs
index a2f8cd50..a0c3b0d1 100644
--- a/etc/login.defs
+++ b/etc/login.defs
@@ -327,6 +327,7 @@ CHFN_RESTRICT		rwh
 # If set to SHA512, SHA512-based algorithm will be used for encrypting password
 # If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
 # If set to DES, DES-based algorithm will be used for encrypting password (default)
+# MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
 # Overrides the MD5_CRYPT_ENAB option
 #
 # Note: If you use PAM, it is recommended to use a value consistent with
@@ -342,7 +343,8 @@ CHFN_RESTRICT		rwh
 # However, more CPU resources will be needed to authenticate users if
 # this value is increased.
 #
-# If not specified, the libc will choose the default number of rounds (5000).
+# If not specified, the libc will choose the default number of rounds (5000),
+# which is orders of magnitude too low for modern hardware.
 # The values must be within the 1000-999999999 range.
 # If only one of the MIN or MAX values is set, then this value will be used.
 # If MIN > MAX, the highest value will be used.
diff --git a/man/login.defs.d/ENCRYPT_METHOD.xml b/man/login.defs.d/ENCRYPT_METHOD.xml
index 325d0251..af9d7f12 100644
--- a/man/login.defs.d/ENCRYPT_METHOD.xml
+++ b/man/login.defs.d/ENCRYPT_METHOD.xml
@@ -39,6 +39,9 @@
       <replaceable>MD5</replaceable><phrase condition="sha_crypt">,
       <replaceable>SHA256</replaceable>,
       <replaceable>SHA512</replaceable></phrase>.
+      MD5 and DES should not be used for new hashes, see
+      <refentrytitle>crypt</refentrytitle><manvolnum>5</manvolnum>
+      for recommendations.
     </para>
     <para>
       Note: this parameter overrides the <option>MD5_CRYPT_ENAB</option>
diff --git a/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml b/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml
index 0755e690..7f0f9648 100644
--- a/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml
+++ b/man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml
@@ -44,7 +44,7 @@
     </para>
     <para>
       If not specified, the libc will choose the default number of rounds
-      (5000).
+      (5000), which is orders of magnitude too low for modern hardware.
     </para>
     <para>
       The values must be inside the 1000-999,999,999 range.