Sorry, but you didn't. It was just a reference for those who need strong password security. I am perfectly fine with MD5 or SHA*. We may just add a note to the book for people who need stronger security.
Best, Ilya. On Wed, Dec 29, 2010 at 6:28 PM, William Immendorf <will.immend...@gmail.com> wrote: > On Wed, Dec 29, 2010 at 12:58 AM, Ilya Kaliman <ilya.kali...@gmail.com> wrote: >> By the way here is a nice article about why general purpose hash >> functions are bad for hashing passwords: >> >> http://codahale.com/how-to-safely-store-a-password/ > I get the idea: You want use to use Blowfish for encrypting our > passwords. However, this does require modifications to Glibc, Shadow, > and even Sysvinit to support this path, and it requires a lot of > effort to support this scheme, while with SHA-2, it's supported right > out of the box and provides much more security than MD5. > > But if enough people have their heart set on Blowfish, we will be > willing to use that. For now, we are going to use SHA-512. > > -- > William Immendorf > The ultimate in free computing. > Messages in plain text, please, no HTML. > GPG key ID: 1697BE98 > If it's not signed, it's not from me. > > -------------- > > "Every nonfree program has a lord, a master -- > and if you use the program, he is your master." Richard Stallman > -- > http://linuxfromscratch.org/mailman/listinfo/lfs-dev > FAQ: http://www.linuxfromscratch.org/faq/ > Unsubscribe: See the above information page > -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
