SoylentNews is people
SoylentNews is powered by your submissions, so send in your scoop. Only 16 submissions in the queue.
SoylentNews
posted by
chromas
on Thursday May 24 2018, @01:24PM
from the 694a5b3e413a0ac1a7daaba2116966ea356ff40328b556ed14781f2a67e2e909 dept.
from the 694a5b3e413a0ac1a7daaba2116966ea356ff40328b556ed14781f2a67e2e909 dept.
Aaron Toponce demonstrates why he thinks that using sha256crypt or sha512crypt on current GNU/Linux operating systems is dangerous, and why he thinks that the developers of GLIBC should move to scrypt or Argon2, or at least bcrypt or PBKDF2. After going into a bit of analysis, he concludes that practically everything else should be avoided, especially md5crypt, sha256crypt, and sha512crypt and many others.
This discussion has been archived.
No new comments can be posted.
A Critique of sha256crypt / sha512crypt on GNU/Linux
|
Log In/Create an Account
| Top
| 28 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
How many QA engineers does it take to screw in a lightbulb?
3: 1 to screw it in and 2 to say "I told you so" when it doesn't work.
(Score: 2) by JoeMerchant on Thursday May 24 2018, @03:22PM (2 children)
One point to factor in is: secure memory vs general RAM.
🌻🌻 [google.com]
(Score: 0) by Anonymous Coward on Thursday May 24 2018, @03:35PM (1 child)
So it's an even bigger DoS problem?
(Score: 2) by JoeMerchant on Thursday May 24 2018, @04:18PM
If the attacker is overloading secure memory, then yes - it's easier to DoS because there's much less of it.
Follow on questions include: is secure memory even necessary in most situations? Instead of just drawing a pretty graph with a ramp on it, can you demonstrate a real-world attack scenario of any value? etc.
🌻🌻 [google.com]