This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/13286] RFE: bcrypt support
- From: "lsof at nodata dot co.uk" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Thu, 13 Oct 2011 12:08:26 +0000
- Subject: [Bug libc/13286] RFE: bcrypt support
- Auto-submitted: auto-generated
- References: <bug-13286-131@http.sourceware.org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=13286
--- Comment #2 from lsof at nodata dot co.uk 2011-10-13 12:08:26 UTC ---
(In reply to comment #1)
> What's wrong with the SHA-256 and SHA-512 based ways added in 2.7?
They're not designed for passwords, they're general purpose hashes.
> That says nothing about the SHA-256 and SHA-512 based methods.
I think it does. One of the headings is "Why Not {MD5, SHA1, SHA256, SHA512,
SHA-3, etc}?"
> So are the methods added in 2.7.
>
> http://www.akkadia.org/drepper/sha-crypt.html
The Coda Hale article says that salts aren't helpful for preventing dictionary
attacks or brute force attacks.
The Drepper article is from 2007, before crazy-fast video card processing
arrived for almost no money.
bcrypt is designed for secure password storage so the benefit to glibc would be
increased security.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.