[Pkg-shadow-devel] Bug#1124835: Bug#1124835: chpasswd hash check goes too far
Chris Hofstaedtler
zeha at debian.org
Wed Jan 7 23:17:25 GMT 2026
On Wed, Jan 07, 2026 at 07:50:57AM -0600, Serge E. Hallyn wrote:
> On Wed, Jan 07, 2026 at 11:18:49AM +0100, Chris Hofstaedtler wrote:
> > Hi,
> >
> > thanks. I've opened a report upstream.
> > https://github.com/shadow-maint/shadow/issues/1483
> >
> > On Wed, Jan 07, 2026 at 09:24:35AM +0100, Marc Haber wrote:
> > > On Wed, Jan 07, 2026 at 08:58:15AM +0100, Marc Haber wrote:
> > > > This is even worse now, chpasswd won't accept a perfectly valid yescrypt
> > > > hash:
> > > >
> > > > $ echo 9hKGOX79oaP4FEhQ2xQ6wLvPXsTTUtPiYu4QCXsc | mkpasswd --hash=yescrypt --stdin
> > > > $y$j9T$VPuG6eC6CTZG7fxHR1YwP0$kZeswr5rIJKCXbeLvE/R412AO4vB1HLwuBrqg1nnPU4
> > > > # echo "aust:$y$j9T$VPuG6eC6CTZG7fxHR1YwP0$kZeswr5rIJKCXbeLvE/R412AO4vB1HLwuBrqg1nnPU4" | chpasswd --encrypted
> > > > chpasswd: (line 1, user aust) invalid password hash
> > > > chpasswd: error detected, changes ignored
As noted by vinz, this is user error. After bash variable
interpolation, this became echo 'aust:' | chpasswd --encrypted. Not
what you wanted, I guess.
> > > # echo "aust:*" | chpasswd --encrypted
> > > chpasswd: (line 1, user aust) invalid password hash
> > > chpasswd: error detected, changes ignored
This and the !-variant will be fixed in a moment using patches from
Alejandro.
Chris
More information about the Pkg-shadow-devel
mailing list