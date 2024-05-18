18/05/24/0758216 story
Aaron Toponce demonstrates why he thinks that using sha256crypt or sha512crypt on current GNU/Linux operating systems is dangerous, and why he thinks that the developers of GLIBC should move to scrypt or Argon2, or at least bcrypt or PBKDF2. After going into a bit of analysis, he concludes that practically everything else should be avoided, especially md5crypt, sha256crypt, and sha512crypt and many others.
(Score: 2) by JoeMerchant on Thursday May 24, @02:00PM (1 child)
This is a big red flag saying: be suspicious of bcrypt and PBKDF2. Not that he's wrong, just suspicious.
(Score: 2) by FakeBeldin on Thursday May 24, @02:06PM
As the fine article points out, bcrypt and PBKDF2 are "CPU hard" (see the article to make that precise).
Argon and scrypt are both CPU hard *and* "memory hard" meaning that you cannot easily trade off CPU time for memory.
That's why those two come higher recommended: they offer additional protection against time-memory trade offs, which bcrypt nor PBKDF2 do.
