svn commit: r237269 - in head: etc lib/libutil
Alexey Dokuchaev
danfe at FreeBSD.org
Tue Jun 19 17:17:26 UTC 2012
On Tue, Jun 19, 2012 at 05:21:13PM +0100, Chris Rees wrote:
> On Jun 19, 2012 5:15 PM, "Alexey Dokuchaev" <danfe at freebsd.org> wrote:
> > Pardon my possible unawareness, but was this change discussed anywhere?
>
> http://lists.freebsd.org/pipermail/freebsd-security/2012-June/006271.html
Thanks for the link, I didn't check -security@ for some reason.
> > I understand the rationale to move away from MD5, but reasons for SHA512
> > seem moot. I've personally been using Blowfish for password hashes
> > since OpenBSD switched to it, for example, as a fast and apparently reliable
> > hash. Is there anything wrong with it? Why is SHA512 the clear winner here?
> > FWIW, ports use SHA256 for now. Could it be that the switch to SHA512 will
> > impose performance problems?
>
> Why would you want password matching to be fast? That makes brute-forcing
> easier.
Maybe I don't. I just want to know if I should switch from Blowfish to
SHA512. It seems that the former is quite popular judging from discussion
link given above. It also seems that des@'s rationale for the switch boils
down to "I vastly prefer sha512 to blf, as that is what the rest of the
world uses." If there's nothing wrong with Blowfish, I guess I'll stick to
it as I prefer compatibility among *BSD to some weird Unix clones. :-)
./danfe
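
An added example, not part of the original message or of FreeBSD's source: a small audit that reads `master.passwd`-style lines and reports which crypt(3) scheme each account's hash uses (MD5, Blowfish, SHA256, SHA512) together with its iteration setting, so accounts still on MD5 or DES can be found after a default-format change. The function names and the sample lines are assumptions made for illustration; the hash bodies are constructed placeholders.

```python
import re

# crypt(3) modular-format identifiers and the scheme each one selects.
SCHEMES = {"1": "md5", "2": "blowfish", "2a": "blowfish", "2b": "blowfish",
           "5": "sha256", "6": "sha512"}
SHA_DEFAULT_ROUNDS = 5000   # sha-crypt default when no rounds= is given
MD5_ROUNDS = 1000           # md5-crypt iteration count is fixed

def classify(field):
    """Return (scheme, iterations) for a master.passwd password field.
    Iteration counts are not comparable across different schemes."""
    if field == "":
        return ("empty", None)
    if field.startswith("*"):
        return ("locked", None)            # "*" or "*LOCKED*..." entries
    m = re.match(r"\$([0-9a-z]+)\$(.*)$", field)
    if not m:
        return ("des", None)               # traditional DES has no $id$ prefix
    ident, rest = m.groups()
    scheme = SCHEMES.get(ident, "unknown")
    if scheme == "md5":
        return (scheme, MD5_ROUNDS)
    if scheme == "blowfish":
        cost = re.match(r"(\d{2})\$", rest)    # two-digit log2 cost factor
        return (scheme, 2 ** int(cost.group(1)) if cost else None)
    if scheme in ("sha256", "sha512"):
        r = re.match(r"rounds=(\d+)\$", rest)  # optional rounds= parameter
        return (scheme, int(r.group(1)) if r else SHA_DEFAULT_ROUNDS)
    return (scheme, None)

def legacy_accounts(lines):
    """Names of accounts whose hash is still DES or MD5."""
    out = []
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) >= 2 and classify(parts[1])[0] in ("des", "md5"):
            out.append(parts[0])
    return out

# Constructed sample lines; hash bodies are placeholders, not real hashes.
SAMPLE = [
    "root:$6$rounds=20000$CONSTRSALT$PLACEHOLDER:0:0::0:0:Charlie &:/root:/bin/csh",
    "alice:$1$CONSTRSALT$PLACEHOLDER:1001:1001::0:0:Alice:/home/alice:/bin/sh",
    "bob:$2a$08$PLACEHOLDERPLACEHOLDER:1002:1002::0:0:Bob:/home/bob:/bin/sh",
    "dave:ABplaceholder:1003:1003::0:0:Dave:/home/dave:/bin/sh",
    "daemon:*:1:1::0:0:Owner:/root:/usr/sbin/nologin",
]
```

An existing hash keeps its scheme until the password is next changed, so a new default alone does not rehash the accounts this reports.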