SoylentNews

A Critique of sha256crypt / sha512crypt on GNU/Linux

posted by chromas on Thursday May 24 2018, @01:24PM   
from the 694a5b3e413a0ac1a7daaba2116966ea356ff40328b556ed14781f2a67e2e909 dept.

canopic jug writes:

Aaron Toponce demonstrates why he thinks that using sha256crypt or sha512crypt on current GNU/Linux operating systems is dangerous, and why he thinks that the developers of GLIBC should move to scrypt or Argon2, or at least bcrypt or PBKDF2. After going into a bit of analysis, he concludes that practically everything else should be avoided, especially md5crypt, sha256crypt, and sha512crypt and many others.

---

Original Submission

• Re:"Dangerous" Re:"Dangerous" (Score: 2) by FatPhil on Thursday May 24 2018, @04:37PM (2 children)

  by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Thursday May 24 2018, @04:37PM (#683609) Homepage

  The best bit of the article for me, as someone who's been accused of using a "carp" architecture (ARM) rather than the non-carp x86, was this bit:
  "Ulrich Drepper tried creating something [better than what already was there], and ended up creating something worse."

  --
  Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves

  Parent

  Starting Score:	1		point
  Karma-Bonus Modifier		+1
  Total Score:		2

• Re:"Dangerous" Re:"Dangerous" (Score: 3, Touché) by LoRdTAW on Thursday May 24 2018, @05:17PM (1 child)

  by LoRdTAW (3755) on Thursday May 24 2018, @05:17PM (#683629) Journal

  ARM is a carp architecture? Something fishy about that accusation...

  Parent

  • Re:"Dangerous" (Score: 3, Funny) by JNCF on Thursday May 24 2018, @09:51PM

    by JNCF (4317) on Thursday May 24 2018, @09:51PM (#683773) Journal

    It's a riscy claim to make.

    Parent