Issue #2427 has been updated by Samuel J. Greear. Status changed from New to Closed
SHA3 is actually a faster hash function than the SHA2 algorithms, making it less secure in the face of brute force attacks. We won't be changing our hash function until there is a compelling reason to do so, which I do not believe you have provided. Please follow-up if you can provide more compelling evidence that our existing hash (and Linux's, since we use their code) is broken or weak. Until such time, I am closing this. ---------------------------------------- Bug #2427: SHA3/Password Hash http://bugs.dragonflybsd.org/issues/2427 Author: Robin Carey Status: Closed Priority: Normal Assignee: Category: Target version: Dear DragonFlyBSD bugs, I just learned this morning that NIST has completed their competition for the new SHA3 cryptographic hash algorithm: http://www.nist.gov/itl/csd/sha-100212.cfm ---- I would recommend that DragonFlyBSD consider deprecating SHA2 for password hashes, and adopting the new SHA3 algorithm/standard (since SHA1 has been broken and SHA2 is very similar to SHA1; but note that I bbelieve SHA2 is still considered safe/secure). Another reason why: http://slashdot.org/index2.pl?fhfilter=openwall OR Go to www.slashdot.org and search for "openwall" or "John the Ripper" to see article on: "John the Ripper Cracks Slow Hashes On GPU<http://linux.slashdot.org/story/12/07/04/1922244/john-the-ripper-cracks-slow-hashes-on-gpu> " Basically, even SHA512 was considered problematic in the above article on cracking password hashes (presumably by brute force). -- Sincerely, Robin Carey BSc -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account
