Date: Sun, 10 Jun 2012 11:02:50 +0100 From: "Simon L. B. Nielsen" <simon@FreeBSD.org> To: =?iso-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no> Cc: freebsd-security@freebsd.org Subject: Re: Default password hash Message-ID: <6E26E03B-8D1D-44D3-B94E-0552BE5CA894@FreeBSD.org> In-Reply-To: <86r4tqotjo.fsf@ds4.des.no> References: <86r4tqotjo.fsf@ds4.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On 8 Jun 2012, at 13:51, Dag-Erling Sm=F8rgrav wrote: > We still have MD5 as our default password hash, even though known-hash > attacks against MD5 are relatively easy these days. We've supported > SHA256 and SHA512 for many years now, so how about making SHA512 the > default instead of MD5, like on most Linux distributions? Has anyone looked at how long the SHA512 password hashing actually takes = on modern computers? The "real" solution for people who care significantly about this seems = something like the algorithm pjd implemented (I think he did it at = least) for GELI, where the number of rounds is variable and calculated = so it takes X/0.X seconds on the specific hardware used. That's of = course a lot more complicated, and I'm not sure if it would work with = the crypt() API. Also, does anyone know if our SHA512 is compatible with the format used = by Linux, other BSD's etc? --=20 Simon L. B. Nielsen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6E26E03B-8D1D-44D3-B94E-0552BE5CA894>