[Pkg-shadow-devel] Bug#1124835: chpasswd hash check goes too far
Marc Haber
mh+debian-packages at zugschlus.de
Sat Jan 10 20:21:43 GMT 2026
After sleeping about this for a few nights and updating again to -4, I
now have the following:
|root at swivel-sid-buildd-amd64-q6ep:/srv# mkpasswd --hash=yescrypt foobar
|$y$j9T$itVnlTtTBYo6Q2bWxDWxp.$iTCN.Ho/RhgFmNRMi7Un1zWjCQH/wEb1x2HD16pAbF8
|root at swivel-sid-buildd-amd64-q6ep:/srv# useradd aust
|root at swivel-sid-buildd-amd64-q6ep:/srv# echo 'aust:!' | chpasswd --encrypted
|chpasswd: (line 1, user aust) invalid password hash
|chpasswd: error detected, changes ignored
|root at swivel-sid-buildd-amd64-q6ep:/srv# echo 'aust:*' | chpasswd --encrypted
|root at swivel-sid-buildd-amd64-q6ep:/srv# echo 'aust:!$y$j9T$itVnlTtTBYo6Q2bWxDWxp.$iTCN.Ho/RhgFmNRMi7Un1zWjCQH/wEb1x2HD16pAbF8' | chpasswd --encrypted
|root at swivel-sid-buildd-amd64-q6ep:/srv# echo 'aust:*$y$j9T$itVnlTtTBYo6Q2bWxDWxp.$iTCN.Ho/RhgFmNRMi7Un1zWjCQH/wEb1x2HD16pAbF8' | chpasswd --encrypted
|chpasswd: (line 1, user aust) invalid password hash
|chpasswd: error detected, changes ignored
|root at swivel-sid-buildd-amd64-q6ep:/srv#
! => not accepted
* => accepted
!(valid hash) => accepted
*(valid hash) => not accepted
Is this really intended? Isnt this introducing semantics that were never
intended? Ths TUHS Mailing List has basically confirmed that ! and *
just are strings that can never come out of hashing a valid password.
Greetings
Marc
More information about the Pkg-shadow-devel
mailing list