>>>>> "Marco" == Marco d'Itri <[email protected]> writes:
Marco> On Jan 02, Steve Langasek <[email protected]> wrote:
>> So, can you provide more rationale why you think this should be
>> the default?
Marco> Because yescrypt is the best password hashing algorithm
Marco> available in libxcrypt and its default.
Steve, take a look at https://www.password-hashing.net/
for what appears to be a credible peer-reviewed process to look at
password KDFs.
I know some of the names on their review panel, and trust those people
to have run a reasonable process.
I have not read their report nor the academic papers.
Note that yescrypt is *not* their recommended password hashing function,
but it did receive an honorable mention.
However, the winner is not supported by pam_unix
https://github.com/linux-pam/linux-pam/issues/45
presumably because it is not supported by libxcrypt.
Based on the following information I think yescrypt would be fine to
enable:
* PHC's honorable mention. I assume the security is good enough or they
would not have included it.
* Yescrypt's claim that its security is dependent on SHA-256 and PBKDF2
(from their website). I have not independently verified this claim.
I don't know what the sha512 option we're using as a default does, but I
suspect yescrypt is probably an improvement. Sorry, I'm too lazy today
to go look up what sha512 actually means. (I mean if it actually means
hash the password with sha512 with no salt, then that's so brain dead as
to not be plausible. I'm guessing it's some salted sha2-512-based KDF).
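Added example, not code from this thread nor from pam_unix or libxcrypt: the sha512crypt ("$6$") scheme that pam_unix's sha512 option refers to, written out in Python from Drepper's SHA-crypt specification. It shows that the method is a salted, iterated construction with a tunable rounds cost (default 5000), not a bare SHA-512 of the password; verify() recomputes from the salt and rounds carried in a stored string and compares in constant time.

```python
import hashlib
import hmac
import re

B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
DEFAULT_ROUNDS = 5000
HASH_RE = re.compile(r"^\$6\$(?:rounds=(\d+)\$)?([^$]{1,16})\$([./0-9A-Za-z]{86})$")

def _b64_24bit(b2: int, b1: int, b0: int, n: int) -> str:
    # crypt(3)-style base64: a 24-bit word emitted low 6 bits first
    w = (b2 << 16) | (b1 << 8) | b0
    return "".join(B64[(w >> (6 * i)) & 0x3F] for i in range(n))

def sha512crypt(password: str, salt: str, rounds: int = DEFAULT_ROUNDS) -> str:
    # "$6$" hash per Drepper's SHA-crypt spec; the salt is capped at 16 bytes
    pw, sl = password.encode(), salt[:16].encode()
    b = hashlib.sha512(pw + sl + pw).digest()
    a = hashlib.sha512(pw + sl)
    a.update(b * (len(pw) // 64) + b[: len(pw) % 64])
    n = len(pw)
    while n:  # bits of len(password), lowest first: 1 -> digest B, 0 -> password
        a.update(b if n & 1 else pw)
        n >>= 1
    da = a.digest()
    dp = hashlib.sha512(pw * len(pw)).digest()
    p = (dp * (len(pw) // 64 + 1))[: len(pw)]
    ds = hashlib.sha512(sl * (16 + da[0])).digest()
    s = (ds * (len(sl) // 64 + 1))[: len(sl)]
    for i in range(rounds):  # the iterated, cost-bearing part of the KDF
        c = hashlib.sha512(p if i & 1 else da)
        if i % 3:
            c.update(s)
        if i % 7:
            c.update(p)
        c.update(da if i & 1 else p)
        da = c.digest()
    # output order from the spec: bytes (k, k+21, k+42), rotated left by k % 3, then byte 63
    groups = [[da[k], da[k + 21], da[k + 42]] for k in range(21)]
    enc = "".join(_b64_24bit(*(t[k % 3:] + t[:k % 3]), 4) for k, t in enumerate(groups))
    enc += _b64_24bit(0, 0, da[63], 2)
    prefix = "$6$" if rounds == DEFAULT_ROUNDS else f"$6$rounds={rounds}$"
    return f"{prefix}{sl.decode()}${enc}"

def verify(password: str, stored: str) -> bool:
    # recompute from the salt and rounds carried in the stored string; constant-time compare
    m = HASH_RE.match(stored)
    if not m:
        return False
    rounds = int(m.group(1) or DEFAULT_ROUNDS)
    return hmac.compare_digest(sha512crypt(password, m.group(2), rounds), stored)
```

The output matches the spec's published test vector (password "Hello world!", salt "saltstring"), so it can be compared against what crypt(3) on the system produces for the same inputs.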