Date: Tue, 19 Jun 2012 17:21:13 +0100 From: Chris Rees <utisoft@gmail.com> To: Alexey Dokuchaev <danfe@freebsd.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Dag-Erling Smorgrav <des@freebsd.org> Subject: Re: svn commit: r237269 - in head: etc lib/libutil Message-ID: <CADLo838XD7uf798uaQhx6zAEP86QbqcKByZrn%2B5qn%2BTUyztT-g@mail.gmail.com> In-Reply-To: <20120619161320.GA54109@FreeBSD.org> References: <201206191446.q5JEkJTY050836@svn.freebsd.org> <20120619161320.GA54109@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jun 19, 2012 5:15 PM, "Alexey Dokuchaev" <danfe@freebsd.org> wrote: > > On Tue, Jun 19, 2012 at 02:46:19PM +0000, Dag-Erling Smorgrav wrote: > > Author: des > > Date: Tue Jun 19 14:46:18 2012 > > New Revision: 237269 > > URL: http://svn.freebsd.org/changeset/base/237269 > > > > Log: > > Switch the default password hash from md5 to sha512. > > Pardon my possible unawareness, but was this change discussed anywhere? http://lists.freebsd.org/pipermail/freebsd-security/2012-June/006271.html > I understand the rationale to move away from MD5, but reasons for SHA512 > seem moot. I've personally had been using Blowfish for password hashes > since OpenBSD switched to it, for example, as fast and apparently reliable > hash. Is there anything wrong with it? Why SHA512 is clear winner here? > FWIW, ports use SHA256 for now. Could it be that switch to SHA512 will > impose perfomance problems? Why would you want password matching to be fast? That makes brute-forcing easier. Chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADLo838XD7uf798uaQhx6zAEP86QbqcKByZrn%2B5qn%2BTUyztT-g>