[OpenWrt-Devel] r46816, remove unused crypt() algorithms -> switch to sha512?

Felix Fietkau nbd at openwrt.org
Tue Sep 15 04:14:59 EDT 2015


On 2015-09-15 10:00, Felix Fietkau wrote:
> On 2015-09-15 08:20, Etienne Champetier wrote:
>> Hi,
>> 
>> On 15 Sept. 2015 01:40, "Felix Fietkau" <nbd at openwrt.org> wrote:
>>>
>>> On 2015-09-15 00:22, Etienne Champetier wrote:
>>> > Hi Felix,
>>> >
>>> > Maybe we should keep sha512 and switch to it? md5 is not best security
>>> > practice these days.
>>> I don't see the point. It's true that for file integrity purposes, md5
>>> is weaker than sha512, but for salted passwords it should not make much
>>> of a practical difference. Cryptographic attacks against MD5 don't work
>>> here, brute force is still the fastest way to crack those.
>> 
>> Yep, and there is a 100x between md5 and sha512, so it does matter a bit
>> http://blog.codinghorror.com/speed-hashing/
> If you're interested in making passwords hard to crack, switching to
> SHA512 is an almost pointless band-aid, not a real fix. In the world of
> cryptography, a 100x increase isn't exactly a lot. If you want to make
> passwords really hard to crack, you could make the code use something
> like PBKDF2...
And here's another thing: There's an easy way you can increase the
cracking difficulty a lot more than 100x without having to change the
code at all: Just make your passwords two characters longer :)

- Felix
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
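
Added example, not part of the original thread or of OpenWrt's code: it puts the three options discussed above (a 100x slower hash, PBKDF2, longer passwords) on one scale and shows a minimal PBKDF2 store-and-verify. The record format, the 100,000-iteration default and the function names are assumptions made for illustration, and one PBKDF2 iteration is treated as roughly one hash evaluation for the attacker.

```python
import hashlib
import hmac
import math
import os

# Alphabet sizes for randomly chosen password characters.
ALPHABETS = {"lowercase": 26, "alphanumeric": 62, "printable ASCII": 95}


def guess_multiplier(alphabet_size, extra_chars):
    """Factor by which the brute-force search space grows with extra characters."""
    return alphabet_size ** extra_chars


def equivalent_chars(work_factor, alphabet_size):
    """Extra random characters that cost an attacker as much as a hash slowdown."""
    return math.log(work_factor) / math.log(alphabet_size)


def hash_password(password, iterations=100_000, salt=None):
    """Return 'pbkdf2-sha512$iterations$salt_hex$hash_hex' (illustrative format)."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2-sha512${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, record):
    """Recompute the hash with the stored salt and iteration count."""
    scheme, iterations, salt_hex, hash_hex = record.split("$")
    if scheme != "pbkdf2-sha512":
        return False
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(dk, bytes.fromhex(hash_hex))


if __name__ == "__main__":
    for name, size in ALPHABETS.items():
        print(f"{name:16} +2 chars = x{guess_multiplier(size, 2):5}  "
              f"100x hash = {equivalent_chars(100, size):.2f} chars  "
              f"100000 iterations = {equivalent_chars(100_000, size):.2f} chars")
    record = hash_password("example passphrase")  # constructed sample input
    print(record.split("$")[:2], verify_password("example passphrase", record))
```

The iteration count is stored in the record, so it can be raised later without invalidating existing hashes.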

