Use SHA-2 by default instead of MD5 for password encrypting

William Immendorf will.immendorf at gmail.com
Wed Dec 29 07:28:14 PST 2010


On Wed, Dec 29, 2010 at 12:58 AM, Ilya Kaliman <ilya.kaliman at gmail.com> wrote:
> By the way here is a nice article about why general purpose hash
> functions are bad for hashing passwords:
>
> http://codahale.com/how-to-safely-store-a-password/
I get the idea: You want us to use Blowfish for encrypting our
passwords. However, this does require modifications to Glibc, Shadow,
and even Sysvinit to support this path, and it requires a lot of
effort to support this scheme, while with SHA-2, it's supported right
out of the box and provides much more security than MD5.

But if enough people have their heart set on Blowfish, we will be
willing to use that. For now, we are going to use SHA-512.

-- 
William Immendorf
The ultimate in free computing.
Messages in plain text, please, no HTML.
GPG key ID: 1697BE98
If it's not signed, it's not from me.

--------------

"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman
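
The schemes discussed in this thread (MD5, SHA-2, Blowfish) show up as crypt(3) id prefixes in the password field of a shadow entry. The following is an added example, not code from the thread or from LFS, that classifies shadow-format lines by scheme and iteration count. The names `classify`, `audit` and `FLAGGED`, and the choice of which schemes to flag, are assumptions of this example.

```python
import re

# crypt(3) modular-format ids ("$id$...") mapped to scheme names.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt"}
FLAGGED = {"empty", "des", "md5crypt", "unknown"}  # assumption: what to report

def classify(field):
    """Return (scheme, iterations) for the password field of a shadow entry."""
    if field == "":
        return ("empty", None)             # account has no password at all
    body = field.lstrip("!")               # a leading "!" marks a locked password
    if body in ("", "*"):
        return ("locked", None)
    m = re.match(r"\$([0-9a-z]+)\$(.*)", body)
    if not m:  # traditional DES crypt: 13 characters, 25 DES iterations
        is_des = re.fullmatch(r"[./0-9A-Za-z]{13}", body)
        return ("des", 25) if is_des else ("unknown", None)
    scheme, rest = SCHEMES.get(m.group(1), "unknown"), m.group(2)
    if scheme == "md5crypt":
        return (scheme, 1000)              # fixed count, cannot be tuned
    if scheme in ("sha256crypt", "sha512crypt"):
        r = re.match(r"rounds=(\d+)\$", rest)
        return (scheme, int(r.group(1)) if r else 5000)  # 5000 is the default
    if scheme == "bcrypt":
        c = re.match(r"(\d\d)\$", rest)    # two-digit log2 cost
        return (scheme, 2 ** int(c.group(1)) if c else None)
    return (scheme, None)

def audit(lines):
    """Return (user, scheme, iterations, flagged) for each shadow line."""
    out = []
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) < 2:
            continue
        scheme, cost = classify(parts[1])
        out.append((parts[0], scheme, cost, scheme in FLAGGED))
    return out

# Constructed sample entries; salts and digests are placeholders, not real hashes.
SAMPLE = [
    "root:$6$rounds=100000$CONSTRUCTEDSALT$CONSTRUCTEDDIGEST:14972:0:99999:7:::",
    "alice:$1$CONSTRSALT$CONSTRUCTEDDIGEST:14972:0:99999:7:::",
    "bob:$6$CONSTRUCTEDSALT$CONSTRUCTEDDIGEST:14972:0:99999:7:::",
    "carol:$2a$10$CONSTRUCTEDSALTANDDIGEST:14972:0:99999:7:::",
    "daemon:*:14972:0:99999:7:::",
]
```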


