Use SHA-2 by default instead of MD5 for password encrypting

Ilya Kaliman ilya.kaliman at gmail.com
Wed Dec 29 10:27:18 PST 2010


Sorry, but you didn't. It was just a reference for those who need
strong password security. I am perfectly fine with MD5 or SHA*. We may
just add a note to the book for people who need stronger security.

Best,
Ilya.

On Wed, Dec 29, 2010 at 6:28 PM, William Immendorf
<will.immendorf at gmail.com> wrote:
> On Wed, Dec 29, 2010 at 12:58 AM, Ilya Kaliman <ilya.kaliman at gmail.com> wrote:
>> By the way here is a nice article about why general purpose hash
>> functions are bad for hashing passwords:
>>
>> http://codahale.com/how-to-safely-store-a-password/
> I get the idea: You want us to use Blowfish for encrypting our
> passwords. However, this does require modifications to Glibc, Shadow,
> and even Sysvinit to support this path, and it requires a lot of
> effort to support this scheme, while with SHA-2, it's supported right
> out of the box and provides much more security than MD5.
>
> But if enough people have their heart set on Blowfish, we will be
> willing to use that. For now, we are going to use SHA-512.
>
> --
> William Immendorf
> The ultimate in free computing.
> Messages in plain text, please, no HTML.
> GPG key ID: 1697BE98
> If it's not signed, it's not from me.
>
> --------------
>
> "Every nonfree program has a lord, a master --
> and if you use the program, he is your master."  Richard Stallman
>
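
An added example, not part of the original thread: a small audit of shadow-format password fields that reports which crypt(3) scheme each account uses (the MD5, Blowfish/bcrypt and SHA-2 schemes discussed above) and flags entries hashed with MD5 or weaker. The sample entries, salts and hashes are constructed placeholders, and the function names are hypothetical.

```python
import re

# crypt(3) modular-format ids: "$id$..." in the second field of a shadow entry.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt"}
SHA_DEFAULT_ROUNDS = 5000   # sha-crypt default when no rounds= parameter is given
MD5CRYPT_ROUNDS = 1000      # fixed by the md5crypt algorithm, not tunable
WEAK = {"empty", "des-or-unknown", "unknown", "md5crypt"}

def classify(field):
    """Return (scheme, iterations) for one shadow password field."""
    if field == "":
        return ("empty", None)                 # no password required
    field = field.lstrip("!")                  # leading "!" marks a locked account
    if field in ("", "*"):
        return ("no-login", None)
    m = re.match(r"\$([0-9a-z]+)\$(.*)", field)
    if not m:
        return ("des-or-unknown", None)        # traditional DES or unrecognised
    scheme, rest = SCHEMES.get(m.group(1), "unknown"), m.group(2)
    if scheme == "bcrypt":
        cost = re.match(r"(\d\d)\$", rest)     # two-digit log2 cost
        return (scheme, 2 ** int(cost.group(1)) if cost else None)
    if scheme in ("sha256crypt", "sha512crypt"):
        rounds = re.match(r"rounds=(\d+)\$", rest)
        return (scheme, int(rounds.group(1)) if rounds else SHA_DEFAULT_ROUNDS)
    return (scheme, MD5CRYPT_ROUNDS if scheme == "md5crypt" else None)

def audit(shadow_text):
    """Return [(user, scheme)] for accounts hashed with MD5 or weaker."""
    findings = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue
        scheme, _ = classify(parts[1])
        if scheme in WEAK:
            findings.append((parts[0], scheme))
    return findings

# Constructed sample entries; salts and hashes are placeholders, not real values.
SAMPLE = """\
alice:$6$rounds=100000$CONSTRUCTEDSALT$CONSTRUCTEDHASH:14972:0:99999:7:::
bob:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:14972:0:99999:7:::
carol:$2a$12$CONSTRUCTEDSALTANDHASH:14972:0:99999:7:::
dave:!:14972:0:99999:7:::
erin:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:14972:0:99999:7:::
frank:CONSTRUCTEDDES:14972:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE):
        print(f"{user}: {scheme}")
```
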


