Gentoo Archives: gentoo-dev

From: Rich Freeman <rich0@g.o>
To: gentoo-dev <gentoo-dev@l.g.o>
Subject: Re: [gentoo-dev] Switching default password hashes from sha512 to yescrypt
Date: Mon, 25 Jul 2022 15:31:10
Message-Id: CAGfcS_nHe+7JwJbe49k_Yovo5WSFV6+Wt4_YNaex-8JyERBEFw@mail.gmail.com
In Reply to: Re: [gentoo-dev] Switching default password hashes from sha512 to yescrypt by Marek Szuba
On Mon, Jul 25, 2022 at 11:11 AM Marek Szuba <marecki@g.o> wrote:
>
> On 2022-07-25 15:35, Peter Stuge wrote:
>
> > Please only do that based on proven merit and nothing else.
>
> https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/
> , https://www.password-hashing.net/ , the fact we still use the default
> number of rounds (i.e. 5000) with SHA512 which is *ridiculously* weak
> for modern hardware, lack of Argon2 support in libxcrypt for the time
> being due to upstream having decided to wait for an official RFC. You
> can probably find more yourself if you look.

The Fedora link in the original email details why they changed it. I
don't think regurgitating the argument will add to it. By all means
point out if there is a concern with their reasoning though.

My initial question was whether this was some vanity hash change but
the changes are intended to greatly increase the cost of cracking
attacks. I'm in no position to evaluate their merit but their
proposal contains various citations to people who presumably are.

--
Rich
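The thread above turns on which hash scheme and how many rounds each shadow entry actually carries; the following audit script is an added example (not part of the original mail or of Gentoo's tooling) that parses shadow-format lines, recovers the scheme from the modular-crypt prefix, applies the implicit 5000-round default for sha256crypt/sha512crypt salts without a rounds= parameter, and flags weak entries. The sample shadow lines and the 100000-round threshold are constructed for illustration.

```python
import re

# libxcrypt/glibc use 5000 rounds for $5$/$6$ when the salt carries no rounds= field.
SHA_CRYPT_DEFAULT_ROUNDS = 5000

# Modular-crypt identifiers relevant to the sha512crypt -> yescrypt discussion.
HASH_IDS = {
    "1": "md5crypt",
    "5": "sha256crypt",
    "6": "sha512crypt",
    "7": "scrypt",
    "y": "yescrypt",
    "2b": "bcrypt",
}

# Constructed sample shadow entries (hash bodies are placeholders, not real digests).
SAMPLE_SHADOW = [
    "root:$6$saltsalt$hashhashhash:19000:0:99999:7:::",            # implicit 5000 rounds
    "alice:$6$rounds=656000$saltsalt$hash:19000:0:99999:7:::",    # explicit rounds=
    "bob:$y$j9T$saltsalt$hash:19000:0:99999:7:::",                 # yescrypt
    "svc:!:19000:0:99999:7:::",                                   # locked, no password
]

def classify_hash(field):
    """Return (algorithm, rounds) for one shadow password field.
    rounds is None for schemes that encode cost differently (or not at all)."""
    if field == "" or field.startswith(("!", "*")):
        return ("locked/none", None)
    m = re.match(r"^\$([^$]+)\$(.*)$", field)
    if not m:
        return ("descrypt", None)           # legacy 13-char DES or unknown format
    ident, rest = m.groups()
    algo = HASH_IDS.get(ident, "unknown:" + ident)
    rounds = None
    if ident in ("5", "6"):
        r = re.match(r"rounds=(\d+)\$", rest)
        rounds = int(r.group(1)) if r else SHA_CRYPT_DEFAULT_ROUNDS
    return (algo, rounds)

def audit_shadow(lines, min_sha_rounds=100000):
    """Return a list of (user, reason) for entries a defender would want to rehash."""
    findings = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        user, pw = line.split(":")[:2]
        algo, rounds = classify_hash(pw)
        if algo in ("descrypt", "md5crypt"):
            findings.append((user, algo + " is obsolete"))
        elif algo in ("sha256crypt", "sha512crypt") and rounds < min_sha_rounds:
            findings.append((user, f"{algo} with only {rounds} rounds"))
    return findings
```

Run against a real /etc/shadow (as root) to see which accounts still carry 5000-round sha512crypt hashes; those are rehashed transparently on the user's next successful login once the PAM/login.defs default is changed.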