Default password hash

Dag-Erling Smørgrav des at des.no
Mon Jun 11 08:51:46 UTC 2012


Damian Weber <dweber at htw-saarland.de> writes:
> *collision* attacks are relatively easy these days, but against 1 MD5, 
> not against 1000 times MD5

I'm not talking about collision attacks, I'm talking about brute-forcing
hashes.

> there is a NIST hash competition running, the winner will soon be announced
> (and it won't be SHA256 or SHA512 ;-)
> http://csrc.nist.gov/groups/ST/hash/timeline.html
> so my suggestion would be to use all of the finalists - especially
> the winner - for password hashing
>     * BLAKE
>     * Grøstl 
>     * JH
>     * Keccak
>     * Skein
> see, for example, http://www.nist.gov/itl/csd/sha3_010511.cfm

There's a world of difference between switching the default to an
algorithm we already support and which is widely used by other operating
systems, and switching to a completely knew and untested algorithm.

DES
-- 
Dag-Erling Smørgrav - des at des.no


More information about the freebsd-security mailing list