On 2015-09-15 00:22, Etienne Champetier wrote: > Hi Felix, > > Maybe we should keep sha512 and switch to it? md5 is not best security > practice these days. I don't see the point. It's true that for file integrity purposes, md5 is weaker than sha512, but for salted passwords it should not make much of a practical difference. Cryptographic attacks against MD5 don't work here, brute force is still the fastest way to crack those.
> I've checked, ubuntu 14.04 and fedora 22 both use sha512 in /etc/shadow Not a very convincing reason for me. The impractical aspect of switching password hashing algorithms is that we then need to support both the new one and the old one for a long time. > I wonder if AF_ALG can be of any interest here (integrate needed algo by > default into the kernel, then patch core software to use kernel > implementation) That would just make it more bloated without making any real practical difference. This approach would be especially bad for CPU intensive crypto if the kernel can only do software crypto. In that case bouncing between kernel and user space would waste many CPU cycles. > To conclude maybe you should emit a clear error when we try a now > unsupported hash, > because crypt can be used by other app, so maybe you just broke another > app and someone will waste a good amount of time debugging it I don't think anything's using crypt() with a custom generated non-md5 salt. Most programs that store password hashes simply do their own crypto. - Felix _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
