On Mon, Jun 11, 2012 at 10:51:45AM +0200, Dag-Erling Smørgrav wrote:
> Damian Weber <dwe...@htw-saarland.de> writes:
> > *collision* attacks are relatively easy these days, but against 1 MD5,
> > not against 1000 times MD5
>
> I'm not talking about collision attacks, I'm talking about brute-forcing
> hashes.
>
> > there is a NIST hash competition running, the winner will soon be announced
> > (and it won't be SHA256 or SHA512 ;-)
> > http://csrc.nist.gov/groups/ST/hash/timeline.html
> > so my suggestion would be to use all of the finalists - especially
> > the winner - for password hashing
> > * BLAKE
> > * Grøstl
> > * JH
> > * Keccak
> > * Skein
> > see, for example, http://www.nist.gov/itl/csd/sha3_010511.cfm
>
> There's a world of difference between switching the default to an
> algorithm we already support and which is widely used by other operating
> systems, and switching to a completely new and untested algorithm.

BTW, Solaris 10 and 11 support our Blowfish algorithm, Solaris 10 >= 10/08 supports SHA256 and SHA512, and SHA256 was made the default algorithm in Solaris 11. Some Linux variants support Blowfish, and from glibc 2.7 on they have support for SHA256 and SHA512. So the least common denominator if we want to use a compatible format is SHA256/SHA512.