I can very well see the so proud PHK getting "slightly offended" by the idea that his design could be less than perfect.
Don't use sha256crypt/sha512crypt as shipped with #GNU / #Linux- they're dangerous.
https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/ …
#BSD #Unixpic.twitter.com/4Zfz19iRS7
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Great analysis! Any idea about about the Juniper/NetBSD implementation of sha1crypt (hashcat mode 15100)? Did it get the same execution-impacting "improvements" over md5crypt?
-
I will look, and get back to you. Remind me if you don't see anything in the next couple of hours.
- Show replies
New conversation -
-
-
This Tweet is unavailable.
-
I remember seeing it mentioned somewhere online- I don't remember by whom nor where, but it has always stuck with me. It's perfectly descriptive.
End of conversation
-
-
-
It looks like this is the glibc bug: https://sourceware.org/bugzilla/show_bug.cgi?id=16814 …
-
I would love to see Argon2 or scrypt implemented in glibc as the default password hashing algorithm. Here's to hoping.
End of conversation
New conversation -
-
-
who has 4000bytes password?
-
No one (at least I hope). The 4 KB password payload is to illustrate the behavior of the password hashing primitive. Where password hashing primitives designed by actual crytpographers stay flat, md5crypt and the sha256/512crypt functions are not.
- Show replies
New conversation -
-
-
This Tweet is unavailable.
- End of conversation
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.