I forgot to add the links...
http://people.redhat.com/drepper/sha-crypt.html
http://people.redhat.com/drepper/SHA-crypt.txt
On Oct 11, 2007, at 10:19 PM, james hughes wrote:
A proposal for a new password hashing based on SHA-256 or SHA-512
has been proposed by RedHat but to my knowledge has not had any
rigorous analysis. The motivation for this is to replace MD-5 based
password hashing at banks where MD-5 is on the list of "do not use"
algorithms. I would prefer not to have the discussion "MD-5 is good
enough for this algorithm" since it is not an argument that the
customers requesting these changes are going to accept.
Jim
