Skip to main content

Custom algorithm for password hashing with vsftpd [Resolved]

Traditionally, when the client logs in, it sends the credentials (username+pw) without any further processing. The server then checks if an entry exists in its user database that matches the supplied credentials.

To render password recovery harder in case of database breach, the password is stored in its hashed form. This means that either the client or the server hashes the password and then the credentials are checked for a match.

However, if the client does the hashing, it effectively becomes useless. Why ? Because the hashed password is now used as the password. One could steal the database, read the hash and send that along with the username and still get an access.

This is why the hashing must be done on the server, so that without prior knowledge of the password it is impossible to log in.

However, I cannot find any way to achieve this with a PAM module so that vsftpd will use it for logins. Note that I do not want to use a normal hash function as these are not suitable for password. I need to use a KDF such as scrypt or bcrypt.

Do I have to code my own PAM module or do I have to generate htpasswd hashes on demand ?

tl;dr How to perform user authentication with serverside password hash for vsftpd ?

Asked March 20, 2017
Posted Under: Network
1 Answers

crypt() used by PAM might only support BCRYPT not SCRYPT (or none of both). In all cases you only need to set the method when encoding the password, not when checking it.

As vsftp uses the system password file, you need to reconfigure PAM to use BCRYPT. This depends on the actual unix/linux used. As soon as your passwd file contains $2y$ prefixed password hashes (you could generate them with a recent htpasswd -B you are done).

Some Linux supports authconfig --passalgo=blowfish --updatefor others you need to find the right PAM config file and add blowfish to the password line:

password sufficient /lib/security/ nullok use_authok blowfish shadow

Answered March 20, 2017
That's good to know, thanks. I will look into it. – Dreadlockyx 1 hour ago
 CanDoerz  2 days ago
You dont need to fork, PAM allows to load modules as dynamic libraries. I am sure somebody has written a scrypt module already (but I cant find it). Another option is to use a pam password verification helper. This is slower as it starts an external program but there you can use any language and dont need to create a dynlib. – eckes yesterday
 CanDoerz  2 days ago
So as you explained it, KDF support is regulated by PAM. If I want to use scrypt instead of bcrypt, I would have to use a fork of PAM, is that right ? – Dreadlockyx yesterday
 CanDoerz  2 days ago
Your Answer