Date: Mon, 11 Jun 2012 11:35:05 +0200 From: Lars Engels <lars.engels@0x20.net> To: Dag-Erling =?utf-8?B?U23DuHJncmF2?= <des@des.no> Cc: Damian Weber <dweber@htw-saarland.de>, freebsd-security@freebsd.org, Gleb Kurtsou <gleb.kurtsou@gmail.com>, "Simon L. B. Nielsen" <simon@freebsd.org> Subject: Re: Default password hash Message-ID: <20120611093505.GN5592@e-new.0x20.net> In-Reply-To: <86ehpmp6xq.fsf@ds4.des.no> References: <86r4tqotjo.fsf@ds4.des.no> <6E26E03B-8D1D-44D3-B94E-0552BE5CA894@FreeBSD.org> <20120610145351.GA1098@reks> <alpine.BSF.2.00.1206101826300.2189@magritte.htw-saarland.de> <86ehpmp6xq.fsf@ds4.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
--aKeOajaNu7w8cMvA Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jun 11, 2012 at 10:51:45AM +0200, Dag-Erling Sm=C3=B8rgrav wrote: > Damian Weber <dweber@htw-saarland.de> writes: > > *collision* attacks are relatively easy these days, but against 1 MD5,= =20 > > not against 1000 times MD5 >=20 > I'm not talking about collision attacks, I'm talking about brute-forcing > hashes. >=20 > > there is a NIST hash competition running, the winner will soon be annou= nced > > (and it won't be SHA256 or SHA512 ;-) > > http://csrc.nist.gov/groups/ST/hash/timeline.html > > so my suggestion would be to use all of the finalists - especially > > the winner - for password hashing > > * BLAKE > > * Gr=C3=B8stl=20 > > * JH > > * Keccak > > * Skein > > see, for example, http://www.nist.gov/itl/csd/sha3_010511.cfm >=20 > There's a world of difference between switching the default to an > algorithm we already support and which is widely used by other operating > systems, and switching to a completely knew and untested algorithm. BTW Solaris 10 and 11 support our Blowfish algorithm, Solaris 10 >=3D 10/08 supports SHA256 and SHA512 and SHA256 was mad the default algorithm in Solaris 11. Some Linux variants support Blowfish and from glibc 2.7 on they have support for SHA256 and SHA512. So the least common denominator if we want to use a compatible format is SHA256/SHA512. --aKeOajaNu7w8cMvA Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAk/Vu8kACgkQKc512sD3afjwPgCfejKC5+LB0Hbr6Md2NGoKCoB8 ctgAmwbE4CdEDBzm8pwcCX/SOvsm3RVF =9E9D -----END PGP SIGNATURE----- --aKeOajaNu7w8cMvA--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120611093505.GN5592>