Aaron Toponce demonstrates why he thinks that using sha256crypt or sha512crypt on current GNU/Linux operating systems is dangerous, and why he thinks that the developers of GLIBC should move to scrypt or Argon2, or at least bcrypt or PBKDF2. After going into a bit of analysis, he concludes that practically everything else should be avoided, especially md5crypt, sha256crypt, and sha512crypt and many others.
(Score: 0) by Anonymous Coward on Thursday May 24 2018, @03:20PM
Doesn't that mean those two algos offer more potential for DoS attacks? Running out of RAM seems more like a DoS situation than high CPU usage.
Seems like the author is biased if he can claim that high CPU usage due to long passwords is DoS potential but give high recommendations to algos with high memory usage:
You can limit the password length to something manageable so there's no CPU DoS. But if you reduce the memory usage then where's the "security by obesity" advantage over stuff like PBKDF2?