Am 10.03.2012 21:15, schrieb Roy Smith: > By today's standards, the algorithm isn't considered very strong. The > only place I'm aware that uses it is unix password files, and even there > many (most?) systems have replaced it with something stronger such as > SHA1. Maybe Apache .htaccess files?
The algorithm with identifier 6 is a SHA-512 crypt algorithm with a lengthy salt (IIRC up to 1024 bits) and 40,000 rounds of SHA-512. It's the default algorithm on modern Linux machines and believed to be very secure. The large salt makes a rainbow table attack impossible and the 40,000 rounds require a lot of CPU time, even on modern systems. Christian -- http://mail.python.org/mailman/listinfo/python-list
