Default password hash
Dag-Erling Smørgrav
des at des.no
Mon Jun 11 08:51:46 UTC 2012
Damian Weber <dweber at htw-saarland.de> writes:
> *collision* attacks are relatively easy these days, but against 1 MD5,
> not against 1000 times MD5
I'm not talking about collision attacks, I'm talking about brute-forcing
hashes.
> there is a NIST hash competition running, the winner will soon be announced
> (and it won't be SHA256 or SHA512 ;-)
> http://csrc.nist.gov/groups/ST/hash/timeline.html
> so my suggestion would be to use all of the finalists - especially
> the winner - for password hashing
> * BLAKE
> * Grøstl
> * JH
> * Keccak
> * Skein
> see, for example, http://www.nist.gov/itl/csd/sha3_010511.cfm
There's a world of difference between switching the default to an
algorithm we already support and which is widely used by other operating
systems, and switching to a completely knew and untested algorithm.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security
mailing list