Aaron Toponce demonstrates why he thinks that using sha256crypt or sha512crypt on current GNU/Linux operating systems is dangerous, and why he thinks that the developers of GLIBC should move to scrypt or Argon2, or at least bcrypt or PBKDF2. After going into a bit of analysis, he concludes that practically everything else should be avoided, especially md5crypt, sha256crypt, and sha512crypt and many others.
(Score: 2) by JoeMerchant on Thursday May 24 2018, @03:22PM (2 children)
One point to factor in is: secure memory vs general RAM.
🌻🌻 [google.com]
(Score: 0) by Anonymous Coward on Thursday May 24 2018, @03:35PM (1 child)
So it's an even bigger DoS problem?
(Score: 2) by JoeMerchant on Thursday May 24 2018, @04:18PM
If the attacker is overloading secure memory, then yes - it's easier to DoS because there's much less of it.
Follow on questions include: is secure memory even necessary in most situations? Instead of just drawing a pretty graph with a ramp on it, can you demonstrate a real-world attack scenario of any value? etc.
🌻🌻 [google.com]