Bug #2427
closed
SHA3/Password Hash
Description
Dear DragonFlyBSD bugs,
I just learned this morning that NIST has completed their competition for
the new SHA3 cryptographic hash algorithm:
http://www.nist.gov/itl/csd/sha-100212.cfm
I would recommend that DragonFlyBSD consider deprecating SHA2 for password
hashes, and adopting the new SHA3 algorithm/standard (since SHA1 has been
broken and SHA2 is very similar to SHA1; but note that I believe SHA2 is
still considered safe/secure).
Another reason why:
http://slashdot.org/index2.pl?fhfilter=openwall
OR
Go to www.slashdot.org and search for "openwall" or "John the Ripper" to
see article on:
"John the Ripper Cracks Slow Hashes On GPU"
<http://linux.slashdot.org/story/12/07/04/1922244/john-the-ripper-cracks-slow-hashes-on-gpu>
Basically, even SHA512 was considered problematic in the above article
on cracking password hashes (presumably by brute force).
--
Sincerely,
Robin Carey BSc