Bug 1253048 - "To create an encrypted password, use the following command:" improperly & unnecessarily suggests using custom salt
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: doc-Installation_Guide
6.7
Unspecified Unspecified
high Severity medium
: rc
: ---
Assigned To: Clayton Spicer
ecs-bugs
: Documentation
Depends On:
Blocks: 1253051
Reported: 2015-08-12 16:06 EDT by Ryan Sawhill
Modified: 2016-08-25 20:41 EDT

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1253051
Environment:
Last Closed: 2016-08-25 20:41:15 EDT
Type: Bug


Description Ryan Sawhill 2015-08-12 16:06:02 EDT
Document URL: 
  https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s1-kickstart2-options.html

Section Number and Name: 

  32.4 Kickstart Options

Describe the issue: 

  Twice on this page, you can find the following text:

    To create an encrypted password, use the following command:
      python -c 'import crypt; print(crypt.crypt("My Password", "$6$My Salt"))'
    This will create a sha512 crypt of your password using the provided salt. 

  Note that neither passwd nor grub-crypt let you specify custom salts ... so, to be clear, it's just not done, and a potentially bad practice to encourage.

Suggestions for improvement: 

  Remove all mentions of salt. The python version we have in RHEL6 and RHEL7 auto-generates an appropriate random salt when you don't specify it. Instead, the text could read:

    To create an encrypted password, use the following command:
      python -c 'import crypt; print(crypt.crypt("My Password"))'
    This will create a sha512 crypt-compatible hash of your password using a random salt. 

Additional information: 

  Here's what python's crypt looks like on RHEL6:

  # python -c 'import crypt; print(crypt.crypt("My Password"))'
  $6$ixr3bNcdW5VITMgz$8HJdnbow67FK8nDke3AyX19.Q1WqyRSM9CklF5sRcsp4j6crg0Kfm3RTTOLQibtUVGrTvK/BI5oDQ96Tx0cJq.

  # python -c 'import crypt; help(crypt.crypt)'
  Help on function crypt in module crypt:
  crypt(word, salt=None)
    Return a string representing the one-way hash of a password, with a salt
    prepended.
    
    If ``salt`` is not specified or is ``None``, the strongest
    available method will be selected and a salt generated.  Otherwise,
    ``salt`` may be one of the ``crypt.METHOD_*`` values, or a string as
    returned by ``crypt.mksalt()``.
    
    Note that these are non-standard extensions to Python 2.6's crypt.crypt()
    entrypoint, backported from 3.3: the standard Python 2.6 crypt.crypt()
    entrypoint requires two strings as the parameters, and does not support
    keyword arguments.
  (END)
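
An added example, not part of the bug report or of Red Hat's documentation: a small Python check that scans kickstart text for SHA-512 crypt strings and flags salts that look hand-picked (shorter than the 16-character generated salt in the output above, outside the crypt alphabet, or shared between entries). The function name `audit_kickstart` and the sample kickstart lines are assumptions made for illustration.

```python
import re
from collections import Counter

# SHA-512 crypt string: $6$[rounds=N$]salt$hash (hash is 86 chars of the crypt alphabet).
SHA512_CRYPT = re.compile(r"\$6\$(?:rounds=\d+\$)?([^$\s]*)\$([./0-9A-Za-z]{86})(?![./0-9A-Za-z])")
CRYPT_ALPHABET = re.compile(r"[./0-9A-Za-z]*\Z")
GENERATED_SALT_LEN = 16  # length of the auto-generated salt in the RHEL6 output above


def audit_kickstart(text):
    """Return (line_number, salt, [reasons]) for each SHA-512 hash whose salt
    does not look auto-generated. Hypothetical helper, not an anaconda tool."""
    found = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # skip commented-out kickstart lines
        for match in SHA512_CRYPT.finditer(line):
            found.append((number, match.group(1)))
    seen = Counter(salt for _, salt in found)
    findings = []
    for number, salt in found:
        reasons = []
        if len(salt) < GENERATED_SALT_LEN:
            reasons.append("short salt")
        if not CRYPT_ALPHABET.match(salt):
            reasons.append("characters outside [./0-9A-Za-z]")
        if seen[salt] > 1:
            # A shared salt makes equal passwords produce equal hashes.
            reasons.append("salt reused")
        if reasons:
            findings.append((number, salt, reasons))
    return findings


# Constructed sample input: the 86-character hash bodies are filler, not real hashes.
FILLER = "A" * 86
SAMPLE = "\n".join([
    "rootpw --iscrypted $6$MySalt$" + FILLER,
    "user --name=admin --iscrypted --password=$6$MySalt$" + FILLER,
    "user --name=ops --iscrypted --password=$6$ixr3bNcdW5VITMgz$" + FILLER,
    "# rootpw --iscrypted $6$old$" + FILLER,
])

if __name__ == "__main__":
    for number, salt, reasons in audit_kickstart(SAMPLE):
        print("line %d: salt %r: %s" % (number, salt, ", ".join(reasons)))
```
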
Comment 2 Petr Bokoc 2015-12-14 08:56:40 EST
See the RHEL7 clone for details.