svn commit: r237269 - in head: etc lib/libutil
Chris Rees
utisoft at gmail.com
Tue Jun 19 16:21:16 UTC 2012
On Jun 19, 2012 5:15 PM, "Alexey Dokuchaev" <danfe at freebsd.org> wrote:
>
> On Tue, Jun 19, 2012 at 02:46:19PM +0000, Dag-Erling Smorgrav wrote:
> > Author: des
> > Date: Tue Jun 19 14:46:18 2012
> > New Revision: 237269
> > URL: http://svn.freebsd.org/changeset/base/237269
> >
> > Log:
> > Switch the default password hash from md5 to sha512.
>
> Pardon my possible unawareness, but was this change discussed anywhere?
http://lists.freebsd.org/pipermail/freebsd-security/2012-June/006271.html
> I understand the rationale to move away from MD5, but reasons for SHA512
> seem moot. I've personally had been using Blowfish for password hashes
> since OpenBSD switched to it, for example, as fast and apparently reliable
> hash. Is there anything wrong with it? Why SHA512 is clear winner here?
> FWIW, ports use SHA256 for now. Could it be that switch to SHA512 will
> impose perfomance problems?
Why would you want password matching to be fast? That makes brute-forcing
easier.
Chris
More information about the svn-src-head
mailing list