On 2015-09-15 10:00, Felix Fietkau wrote:
> On 2015-09-15 08:20, Etienne Champetier wrote:
>> Hi,
>>
>> On 15 Sept. 2015 01:40, "Felix Fietkau" <n...@openwrt.org
>> <mailto:n...@openwrt.org>> wrote:
>>>
>>> On 2015-09-15 00:22, Etienne Champetier wrote:
>>> > Hi Felix,
>>> >
>>> > Maybe we should keep sha512 and switch to it? md5 is not best security
>>> > practice these days.
>>> I don't see the point. It's true that for file integrity purposes, md5
>>> is weaker than sha512, but for salted passwords it should not make much
>>> of a practical difference. Cryptographic attacks against MD5 don't work
>>> here, brute force is still the fastest way to crack those.
>>
>> Yep, and there is a 100x between md5 and sha512, so it does matter a bit
>> http://blog.codinghorror.com/speed-hashing/
> If you're interested in making passwords hard to crack, switching to
> SHA512 is an almost pointless band-aid, not a real fix. In the world of
> cryptography, a 100x increase isn't exactly a lot. If you want to make
> passwords really hard to crack, you could make the code use something
> like PBKDF2...

And here's another thing: There's an easy way you can increase the
cracking difficulty a lot more than 100x without having to change the code
at all: Just make your passwords two characters longer :)

- Felix
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
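
Added example, not part of the message above and not OpenWrt code: a salted PBKDF2 hash-and-verify pair in which the iteration count is a tunable work factor, plus a helper that compares a 100x per-guess slowdown with two extra password characters. The iteration count, the `$`-separated storage format, the 62-symbol alphabet and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for illustration; not taken from the thread or from OpenWrt.
ITERATIONS = 100_000
MAX_ITERATIONS = 10_000_000   # refuse absurd counts read from a stored record
SALT_LEN = 16

def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2-sha512$<iterations>$<salt hex>$<hash hex>' (constructed format)."""
    if salt is None:
        salt = os.urandom(SALT_LEN)          # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2-sha512${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and iteration count, then compare."""
    try:
        scheme, iters, salt_hex, hash_hex = stored.split("$")
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:                        # malformed record
        return False
    if scheme != "pbkdf2-sha512" or not 0 < iterations <= MAX_ITERATIONS:
        return False
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)  # constant-time comparison

def brute_force_cost(alphabet_size: int, length: int, work_per_guess: int = 1) -> int:
    """Worst-case hashing work to try every password of exactly this length."""
    return alphabet_size ** length * work_per_guess

if __name__ == "__main__":
    record = hash_password("constructed-sample-password")
    print(record.split("$")[:2], verify_password("constructed-sample-password", record))
    base = brute_force_cost(62, 8)            # 8 chars from [A-Za-z0-9]
    print("100x slower hash:   ", brute_force_cost(62, 8, 100) // base)
    print("two more characters:", brute_force_cost(62, 10) // base)
```
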