On 2022-07-25 15:35, Peter Stuge wrote:
> Mikhail Koliada wrote:
> > This idea has been fluctuating in my head for quite a while given that the migration had happened a while ago [0] and some other major distributions have already adopted yescrypt as their default algo by now [1].
>
> Please only do that based on proven merit and nothing else.
https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/ , https://www.password-hashing.net/ , the fact we still use the default number of rounds (i.e. 5000) with SHA512 which is *ridiculously* weak for modern hardware, lack of Argon2 support in libxcrypt for the time being due to upstream having decided to wait for an official RFC. You can probably find more yourself if you look.
-- Marecki
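A way to check which scheme and round count a system's existing hashes actually use, as an added example that is not part of this thread or of any distribution's tooling; the shadow-format lines and hash bodies in it are constructed placeholders, and the scheme table covers only the libxcrypt prefixes it names:

```python
"""Audit crypt(3)-style password hashes in /etc/shadow-format lines.

Parses the "$id$[params$]salt$hash" layout and flags sha256crypt /
sha512crypt entries that rely on the implicit default of 5000 rounds.
Sample lines below are constructed; hash bodies are placeholders.
"""
import re

DEFAULT_SHA_ROUNDS = 5000  # implicit rounds for $5$ / $6$ without "rounds="

SCHEMES = {
    "1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
    "2b": "bcrypt", "7": "scrypt", "y": "yescrypt", "gy": "gost-yescrypt",
}

def parse_hash(field: str) -> dict:
    """Return scheme name, rounds (where meaningful) and a weak-config flag."""
    if field in ("", "*") or field.startswith("!"):
        return {"scheme": "locked-or-empty", "rounds": None, "weak": False}
    parts = field.split("$")
    if len(parts) < 3 or parts[0] != "":
        # Traditional DES or something unrecognised: always worth a look.
        return {"scheme": "unknown/des", "rounds": None, "weak": True}
    ident = parts[1]
    scheme = SCHEMES.get(ident, f"unknown(${ident}$)")
    rounds = None
    if ident in ("5", "6"):
        m = re.match(r"rounds=(\d+)$", parts[2])
        rounds = int(m.group(1)) if m else DEFAULT_SHA_ROUNDS
    elif ident == "2b":
        rounds = int(parts[2])  # bcrypt cost exponent, reported as-is
    weak = scheme.startswith("unknown") or ident == "1" or (
        ident in ("5", "6") and rounds <= DEFAULT_SHA_ROUNDS)
    return {"scheme": scheme, "rounds": rounds, "weak": weak}

def audit_shadow(lines):
    """Yield (user, report) for each shadow-format line."""
    for line in lines:
        user, _, rest = line.partition(":")
        yield user, parse_hash(rest.split(":", 1)[0])

SAMPLE = [  # constructed lines; hash bodies are not real digests
    "alice:$6$saltsalt$PLACEHOLDERHASH:19000:0:99999:7:::",
    "bob:$6$rounds=656000$saltsalt$PLACEHOLDERHASH:19000:0:99999:7:::",
    "carol:$y$j9T$saltsalt$PLACEHOLDERHASH:19000:0:99999:7:::",
    "daemon:!:19000:0:99999:7:::",
]

if __name__ == "__main__":
    for user, r in audit_shadow(SAMPLE):
        flag = "WEAK" if r["weak"] else "ok"
        print(f"{user:8} {r['scheme']:14} rounds={r['rounds']} {flag}")
```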