Stories
Slash Boxes
Comments

SoylentNews is people

A Critique of sha256crypt / sha512crypt on GNU/Linux

posted by chromas on Thursday May 24 2018, @01:24PM   Printer-friendly
from the 694a5b3e413a0ac1a7daaba2116966ea356ff40328b556ed14781f2a67e2e909 dept.

canopic jug writes:

Aaron Toponce demonstrates why he thinks that using sha256crypt or sha512crypt on current GNU/Linux operating systems is dangerous, and why he thinks that the developers of GLIBC should move to scrypt or Argon2, or at least bcrypt or PBKDF2. After going into a bit of analysis, he concludes that practically everything else should be avoided, especially md5crypt, sha256crypt, and sha512crypt and many others.

Original Submission

 
This discussion has been archived. No new comments can be posted.
A Critique of sha256crypt / sha512crypt on GNU/Linux | Log In/Create an Account | Top | 28 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Interesting) by TheRaven on Thursday May 24 2018, @06:23PM

    by TheRaven (270) on Thursday May 24 2018, @06:23PM (#683658) Journal

    - A long password hogs CPU - too many and you have denial of service.

    That's a feature, not a bug. Computing the hash for a single login is not very expensive in terms of total CPU resources, but attempting to brute-force a password is. The CPU cost acts to rate limit attackers. This is not just a nice benefit, this is something that is an explicit design goal for password hash algorithms.

    --
    sudo mod me up
    Starting Score:    1  point
    Moderation   +4  
       Insightful=1, Interesting=2, Informative=1, Total=4
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   5