Bug #17135: Don't store the admin password in cleartext

Bug #17135

Don't store the admin password in cleartext

Added by segfault 2019-10-08 15:20:16 . Updated 2020-05-06 04:28:57 .

Status:

In Progress

Priority:

Normal

Assignee:

segfault

Category:

Target version:

Tails_4.7

Start date:

Due date:

% Done:

Feature Branch:

bugfix/17135-store-admin-pw-hashed

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

The Greeter currently stores the user-chosen admin password unhashed in /var/lib/gdm3/tails.password. In /etc/gdm3/PostLogin/Default, the password is then set via chpasswd and /var/lib/gdm3/tails.password is removed.

IMO, passwords should never be stored in cleartext. Instead, we should store them hashed and use chpasswd -e to set them.

This will also make it easier to persist the password, as part of persisting the Greeter options, which I plan to work on.

Subtasks

History

#1 Updated by segfault 2019-10-08 15:34:30

Description updated

#2 Updated by segfault 2019-10-08 15:36:14

Using chpasswd -e does not seem to be a good idea, because then chpasswd won’t use PAM to generate the password.

#3 Updated by segfault 2019-10-08 16:31:29

segfault wrote:
> Using chpasswd -e does not seem to be a good idea, because then chpasswd won’t use PAM to generate the password.

PAM uses the hash algorithm configured in /etc/login.defs, which is SHA512. So it should be fine if we generate the password with mkpasswd --method=sha512crypt and then set it via chpasswd -e. mkpasswd also takes care of generating a salt.