On Wed, Dec 29, 2010 at 12:58 AM, Ilya Kaliman <ilya.kali...@gmail.com> wrote: > By the way here is a nice article about why general purpose hash > functions are bad for hashing passwords: > > http://codahale.com/how-to-safely-store-a-password/ I get the idea: You want use to use Blowfish for encrypting our passwords. However, this does require modifications to Glibc, Shadow, and even Sysvinit to support this path, and it requires a lot of effort to support this scheme, while with SHA-2, it's supported right out of the box and provides much more security than MD5.
But if enough people have their heart set on Blowfish, we will be willing to use that. For now, we are going to use SHA-512. -- William Immendorf The ultimate in free computing. Messages in plain text, please, no HTML. GPG key ID: 1697BE98 If it's not signed, it's not from me. -------------- "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
