On 7/15/2012 2:14 AM, Ed W wrote:
>
Interestingly, there doesn't seem to be so much difference between
iterated sha-512 (sha512crypt) and bcrypt. Based on looking at latest
john the ripper results (although I'm a bit confused because they don't
seem to quote the baseline results using the normal default number of
rounds?)
So I think right now, many/most modern glibc are shipping with
sha256/512crypt implementations (recently uclibc also added this).
Indeed. What I have seen is a create deal of variation in the
configuration (/etc/login.defs or your distro's equivalent) in terms of
making use of such things.
I don't see any added value to bcrypt over iterated SHA-512, really, and
while I don't even pretend to claim I've looked at all distros, even
"old-school" ones like Slackware have full support for it. I suspect
many admins doubt this because of configurations that don't make use of
the modern hashing functionality.
Converting shadow files and/or login.defs would seem to be the bulk of
the SysAdmin work to beef up the protection to bcrypt levels here.
Remember to keep this in perspective though - as the nature of this
"vulnerability" extends to the case where your shadow file's hashes have
been cloned, meaning a root-compromise or local device clone/access was
made of it, etc.
=R=
