This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug libc/13286] RFE: bcrypt support

From: "lsof at nodata dot co.uk" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sources dot redhat dot com
Date: Thu, 13 Oct 2011 12:08:26 +0000
Subject: [Bug libc/13286] RFE: bcrypt support
Auto-submitted: auto-generated
References: <bug-13286-131@http.sourceware.org/bugzilla/>

http://sourceware.org/bugzilla/show_bug.cgi?id=13286

--- Comment #2 from lsof at nodata dot co.uk 2011-10-13 12:08:26 UTC ---
(In reply to comment #1)
> What's wrong with the SHA-256 and SHA-512 based ways added in 2.7?

They're not designed for passwords, they're general purpose hashes.

> That says nothing about the SHA-256 and SHA-512 based methods.

I think it does. One of the headings is "Why Not {MD5, SHA1, SHA256, SHA512,
SHA-3, etc}?"

> So are the methods added in 2.7.
> 
> http://www.akkadia.org/drepper/sha-crypt.html

The Coda Hale article says that salts aren't helpful for preventing dictionary
attacks or brute force attacks.

The Drepper article is from 2007, before crazy-fast video card processing
arrived for almost no money.

bcrypt is designed for secure password storage so the benefit to glibc would be
increased security.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

References:
- [Bug libc/13286] New: RFE: bcrypt support
  - From: lsof at nodata dot co.uk

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]