On Mon, Jul 25, 2022 at 11:11 AM Marek Szuba <mare...@gentoo.org> wrote: > > On 2022-07-25 15:35, Peter Stuge wrote: > > > Please only do that based on proven merit and nothing else. > > https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/ > , https://www.password-hashing.net/ , the fact we still us the default > number of rounds (i.e. 5000) with SHA512 which is *ridiculously* weak > for modern hardware, lack of Argon2 support in libxcrypt for the time > being due to upstream having decided to wait for an official RFC. You > can probably find more yourself if you look.
The fedora link in the original email details why they changed it. I don't think regurgitating the argument will add to it. By all means point out if there is a concern with their reasoning though. My initial question was whether this was some vanity hash change but the changes are intended to greatly increase the cost of cracking attacks. I'm in no position to evaluate their merit but their proposal contains various citations to people who presumably are. -- Rich