Re: Default password hash
On 8 Jun 2012, at 13:51, Dag-Erling Smørgrav wrote:
> We still have MD5 as our default password hash, even though known-hash
> attacks against MD5 are relatively easy these days. We've supported
> SHA256 and SHA512 for many years now, so how about making SHA512 the
> default instead of MD5, like on most Linux distributions?

Has anyone looked at how long the SHA512 password hashing actually takes
on modern computers?

The "real" solution for people who care significantly about this seems
something like the algorithm pjd implemented (I think he did it at
least) for GELI, where the number of rounds is variable and calculated
so it takes X/0.X seconds on the specific hardware used. That's of
course a lot more complicated, and I'm not sure if it would work with
the crypt() API.

Also, does anyone know if our SHA512 is compatible with the format used
by Linux, other BSDs etc?

-- 
Simon L. B. Nielsen
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
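
The per-machine round calibration idea raised in the message above, as an added example that is not part of the original post and is neither GELI's nor FreeBSD's crypt() code. It uses PBKDF2-HMAC-SHA512 from Python's hashlib as a stand-in; the function names, the storage format and the round limits are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

SCHEME = "example-pbkdf2-sha512"   # constructed label, not a crypt(3) identifier
MIN_ROUNDS = 10_000                # assumed floor, so a noisy measurement cannot weaken hashes
MAX_ROUNDS = 10_000_000            # assumed ceiling, so a tampered record cannot stall a login

def calibrate_rounds(target_seconds=0.1, probe_rounds=20_000):
    """Time a probe run on this machine and scale it to cost about target_seconds."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha512", b"probe", b"probe-salt", probe_rounds)
    elapsed = max(time.perf_counter() - start, 1e-9)
    rounds = int(probe_rounds * target_seconds / elapsed)
    return min(max(rounds, MIN_ROUNDS), MAX_ROUNDS)

def hash_password(password, rounds, salt=None):
    """Return a record that carries its own round count and salt."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, rounds)
    return f"${SCHEME}${rounds}${salt.hex()}${dk.hex()}"

def verify_password(password, stored):
    """Recompute with the rounds stored in the record, not with local calibration."""
    _, scheme, rounds_s, salt_hex, dk_hex = stored.split("$")
    rounds = int(rounds_s)
    if scheme != SCHEME or not MIN_ROUNDS <= rounds <= MAX_ROUNDS:
        raise ValueError("unsupported scheme or round count")
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(),
                             bytes.fromhex(salt_hex), rounds)
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

if __name__ == "__main__":
    rounds = calibrate_rounds(0.1)
    record = hash_password("correct horse", rounds)
    print(rounds, verify_password("correct horse", record))
```

Because the round count is stored in the record, a hash created on faster or slower hardware still verifies; calibration only decides the cost of newly created hashes.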