DragonFly BSD
DragonFly bugs List (threaded) for 2012-10
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

[DragonFlyBSD - Bug #2427] SHA3/Password Hash


From: Robin Carey via Redmine <bugtracker-admin@xxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 3 Oct 2012 01:46:51 -0700

Issue #2427 has been reported by Robin Carey.

----------------------------------------
Bug #2427: SHA3/Password Hash
http://bugs.dragonflybsd.org/issues/2427

Author: Robin Carey
Status: New
Priority: Normal
Assignee: 
Category: 
Target version: 


Dear DragonFlyBSD bugs,

I just learned this morning that NIST has completed their competition for
the new SHA3
cryptographic hash algorithm:

http://www.nist.gov/itl/csd/sha-100212.cfm

----

I would recommend that DragonFlyBSD consider deprecating SHA2 for password
hashes, and adopting the new SHA3 algorithm/standard (since SHA1 has been
broken and SHA2 is very similar to SHA1; but note that I bbelieve SHA2 is
still
considered safe/secure).


Another reason why:

http://slashdot.org/index2.pl?fhfilter=openwall

OR

Go to www.slashdot.org and search for "openwall" or "John the Ripper" to
see article on:

"John the Ripper Cracks Slow Hashes On
GPU<http://linux.slashdot.org/story/12/07/04/1922244/john-the-ripper-cracks-slow-hashes-on-gpu>
"

Basically, even SHA512 was considered problematic in the above article
on cracking password hashes (presumably by brute force).

-- 
Sincerely,

Robin Carey BSc


-- 
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]