Aaron Toponce demonstrates why he thinks that using sha256crypt or sha512crypt on current GNU/Linux operating systems is dangerous, and why he thinks that the developers of GLIBC should move to scrypt or Argon2, or at least bcrypt or PBKDF2. After going into a bit of analysis, he concludes that practically everything else should be avoided, especially md5crypt, sha256crypt, and sha512crypt and many others.
(Score: 5, Interesting) by TheRaven on Thursday May 24 2018, @06:23PM
That's a feature, not a bug. Computing the hash for a single login is not very expensive in terms of total CPU resources, but attempting to brute-force a password is. The CPU cost acts to rate limit attackers. This is not just a nice benefit, this is something that is an explicit design goal for password hash algorithms.
sudo mod me up