Default password hash

Lars Engels lars.engels at 0x20.net
Mon Jun 11 09:35:07 UTC 2012


On Mon, Jun 11, 2012 at 10:51:45AM +0200, Dag-Erling Smørgrav wrote:
> Damian Weber <dweber at htw-saarland.de> writes:
> > *collision* attacks are relatively easy these days, but against 1 MD5, 
> > not against 1000 times MD5
> 
> I'm not talking about collision attacks, I'm talking about brute-forcing
> hashes.
> 
> > there is a NIST hash competition running, the winner will soon be announced
> > (and it won't be SHA256 or SHA512 ;-)
> > http://csrc.nist.gov/groups/ST/hash/timeline.html
> > so my suggestion would be to use all of the finalists - especially
> > the winner - for password hashing
> >     * BLAKE
> >     * Grøstl 
> >     * JH
> >     * Keccak
> >     * Skein
> > see, for example, http://www.nist.gov/itl/csd/sha3_010511.cfm
> 
> There's a world of difference between switching the default to an
> algorithm we already support and which is widely used by other operating
> systems, and switching to a completely new and untested algorithm.

BTW Solaris 10 and 11 support our Blowfish algorithm, Solaris 10 >= 10/08
supports SHA256 and SHA512 and SHA256 was made the default algorithm in
Solaris 11.
Some Linux variants support Blowfish and from glibc 2.7 on they have
support for SHA256 and SHA512.

So the least common denominator if we want to use a compatible format is
SHA256/SHA512.
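
An added example, not part of the original message: a small audit that reads master.passwd-style lines, identifies each hash scheme from its modular crypt `$id$` prefix, and reports accounts that are not on the SHA256/SHA512 common denominator named above. The sample lines are constructed, the function names are hypothetical, and the 5000-round default is the sha-crypt specification's value when no `rounds=` field is present.

```python
import re

# Modular crypt ids -> scheme. "$5$" and "$6$" are the SHA256/SHA512 schemes.
SCHEMES = {"1": "md5", "2": "blowfish", "2a": "blowfish", "2b": "blowfish",
           "2y": "blowfish", "5": "sha256", "6": "sha512"}
PORTABLE = {"sha256", "sha512"}
SHA_DEFAULT_ROUNDS = 5000  # assumption: sha-crypt default without rounds=

# Constructed sample in master.passwd layout; hashes are truncated fakes.
SAMPLE = """\
root:$6$rounds=20000$c0nstructed$AAAA:0:0::0:0:Charlie &:/root:/bin/csh
alice:$1$c0nstruc$BBBB:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$2a$04$CCCCCCCCCCCCCCCCCCCCCC:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:$5$c0nstructed$DDDD:1003:1003::0:0:Carol:/home/carol:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
"""

def classify(field):
    """Return (scheme, work) for one password field; work is an iteration count."""
    if field == "" or field[0] in "*!":
        return ("locked-or-empty", None)
    parts = field.split("$")
    if len(parts) < 3 or parts[0] != "":
        return ("des-or-unknown", None)  # traditional DES crypt has no $id$
    scheme = SCHEMES.get(parts[1], "unknown")
    if scheme == "md5":
        return (scheme, 1000)  # md5crypt's iteration count is fixed
    if scheme == "blowfish" and parts[2].isdigit():
        return (scheme, 2 ** int(parts[2]))  # cost field is log2 of the rounds
    if scheme in PORTABLE:
        m = re.fullmatch(r"rounds=(\d+)", parts[2])
        return (scheme, int(m.group(1)) if m else SHA_DEFAULT_ROUNDS)
    return (scheme, None)

def audit(passwd_text):
    """Return {user: (scheme, work)} for accounts whose hash is outside PORTABLE."""
    findings = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or line.startswith("#"):
            continue
        scheme, work = classify(fields[1])
        if scheme not in PORTABLE and scheme != "locked-or-empty":
            findings[fields[0]] = (scheme, work)
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```
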