[OpenWrt-Devel] r46816, remove unused crypt() algorithms -> switch to sha512?

Felix Fietkau nbd at openwrt.org
Tue Sep 15 04:00:43 EDT 2015

On 2015-09-15 08:20, Etienne Champetier wrote:
> Hi,
> Le 15 sept. 2015 01:40, "Felix Fietkau" <nbd at openwrt.org
> <mailto:nbd at openwrt.org>> a écrit :
>> On 2015-09-15 00:22, Etienne Champetier wrote:
>> > Hi Felix,
>> >
>> > Maybe we should keep sha512 and switch to it? md5 is not best security
>> > practice these days.
>> I don't see the point. It's true that for file integrity purposes, md5
>> is weaker than sha512, but for salted passwords it should not make much
>> of a practical difference. Cryptographic attacks against MD5 don't work
>> here, brute force is still the fastest way to crack those.
> Yep, and there is a 100x between md5 and sha512, so it does matter a bit
> http://blog.codinghorror.com/speed-hashing/
If you're interested in making passwords hard to crack, switching to
SHA512 is an almost pointless band-aid, not a real fix. In the world of
cryptography, a 100x increase isn't exactly a lot. If you want to make
passwords really hard to crack, you could make the code use something
like PBKDF2...

>> > I've checked, ubuntu 14.04 and fedora 22 both use sha512 in /etc/shadow
>> Not a very convincing reason for me. The impractical aspect of switching
>> password hashing algorithms is that we then need to support both the new
>> one and the old one for a long time.
> If 5k is the cost of some more security, i'm personnaly OK to pay the price
If you propose a real fix (e.g. using a hash that was not designed to be
fast), I will have no problem with adding a few kilobytes of bloat...

- Felix
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list