[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Revisiting the SHA1 default password hash

Quanah Gibson-Mount wrote:
--On Friday, February 24, 2017 8:32 PM +0000 Howard Chu <hyc@symas.com> wrote:

Yes, but there should be something stronger.

How about moving ./contrib/slapd-modules/passwd/pbkdf2 to core?

Yeah at this point we can probably bypass SHA2 and just go straight to
SHA3. There's a lot of crypto software out there already using it. pbkdf2
is still using SHA2.

Worthwhile to read over:

Hm, where did these recommendations come from? They include Scrypt among their recommendations, but there are Scrypt ASICs all over the web already making it trivially hackable.

e.g. http://zoomhash.com/  (just google "scrypt asic" ...)

libsodium's a pretty trivial compile, I added it to Zimbra a while back for
another project.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/