On 2022-07-25 15:35, Peter Stuge wrote:

Mikhail Koliada wrote:
This idea has been fluctuating in my head for quite a while given
that the migration had happened a while ago [0] and some other
major distributions have already adopted yescrypt as their default algo
by now [1].

Please only do that based on proven merit and nothing else.

https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/, https://www.password-hashing.net/, the fact we still use the default number of rounds (i.e. 5000) with SHA512 which is *ridiculously* weak for modern hardware, lack of Argon2 support in libxcrypt for the time being due to upstream having decided to wait for an official RFC. You can probably find more yourself if you look.
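
An added example, not part of the original message: a small audit that reads shadow-format lines and reports SHA-crypt entries whose effective round count is below a site-chosen threshold, treating a missing `rounds=` field as the 5000-round default mentioned above. The names `classify` and `audit`, the `min_rounds` threshold and the sample entries are assumptions made for illustration.

```python
import re

# sha256crypt/sha512crypt use 5000 rounds when the hash has no "rounds=" field
# and clamp explicit values to this range (per the SHA-crypt specification).
DEFAULT_ROUNDS, ROUNDS_MIN, ROUNDS_MAX = 5000, 1000, 999_999_999
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
           "y": "yescrypt", "gy": "gost-yescrypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt"}
PREFIX = re.compile(r"^\$([a-z0-9]+)\$(?:rounds=(\d+)\$)?")

def classify(field):
    """Map a shadow password field to (scheme, effective_rounds or None)."""
    body = field.lstrip("!")  # leading "!" marks a locked password; a hash may follow
    m = PREFIX.match(body)
    if not m:
        return ("no-modular-hash", None)  # "*", "!", empty, or legacy DES
    scheme = SCHEMES.get(m.group(1), "unknown:" + m.group(1))
    if scheme not in ("sha256crypt", "sha512crypt"):
        return (scheme, None)  # cost is encoded differently; not checked here
    rounds = int(m.group(2)) if m.group(2) else DEFAULT_ROUNDS
    return (scheme, min(max(rounds, ROUNDS_MIN), ROUNDS_MAX))

def audit(shadow_text, min_rounds):
    """Return (user, scheme, rounds) for SHA-crypt entries below min_rounds."""
    findings = []
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, _, rest = line.partition(":")
        scheme, rounds = classify(rest.split(":", 1)[0])
        if rounds is not None and rounds < min_rounds:
            findings.append((user, scheme, rounds))
    return findings

# Constructed sample in /etc/shadow layout; salts and hashes are placeholders.
SAMPLE = """\
alice:$6$examplesalt$CONSTRUCTEDHASH:19000:0:99999:7:::
bob:$6$rounds=500000$examplesalt$CONSTRUCTEDHASH:19000:0:99999:7:::
carol:$y$j9T$examplesalt$CONSTRUCTEDHASH:19000:0:99999:7:::
dave:!$5$rounds=10000$examplesalt$CONSTRUCTEDHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
"""

if __name__ == "__main__":
    # min_rounds is a hypothetical site policy value, not a recommendation.
    for user, scheme, rounds in audit(SAMPLE, min_rounds=100_000):
        print(f"{user}: {scheme} at {rounds} rounds")
```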

