Password hashing

Steven M. Bellovin smb at cs.columbia.edu
Fri Oct 12 14:21:57 EDT 2007


On Thu, 11 Oct 2007 22:19:18 -0700
james hughes <hughejp at mac.com> wrote:

> A proposal for a new password hashing based on SHA-256 or SHA-512 has
> been proposed by RedHat but to my knowledge has not had any rigorous
> analysis. The motivation for this is to replace MD-5 based password
> hashing at banks where MD-5 is on the list of "do not use"
> algorithms. I would prefer not to have the discussion "MD-5 is good
> enough for this algorithm" since it is not an argument that the
> customers requesting these changes are going to accept.
> 
NetBSD uses iterated HMAC-SHA1, where the password is the key and the
salt is the initial plaintext.  (This is my design but not my
implementation.)


		--Steve Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
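
The construction described in the reply (password as the HMAC key, salt as the initial plaintext, iterated), sketched as an added example that is not part of the original message and is not NetBSD's code. The chaining of each round's output into the next round's message, the iteration count, the salt length and the `iterations$salt$digest` record format are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 20000      # assumed work factor; the message gives no count
MAX_ITERATIONS = 10**7  # refuse absurd counts from a corrupted record


def iterated_hmac_sha1(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Password is the HMAC key; the salt is the first message, and each
    round's output becomes the next round's message (assumed chaining)."""
    if not 1 <= iterations <= MAX_ITERATIONS:
        raise ValueError("iteration count out of range")
    block = salt
    for _ in range(iterations):
        block = hmac.digest(password, block, "sha1")
    return block


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a constructed record: iterations$salt_hex$digest_hex."""
    salt = secrets.token_bytes(16)  # fresh random salt per password
    digest = iterated_hmac_sha1(password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and count; compare in constant time."""
    try:
        count_s, salt_hex, digest_hex = record.split("$")
        expected = bytes.fromhex(digest_hex)
        actual = iterated_hmac_sha1(password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(count_s))
    except ValueError:  # malformed record or iteration count out of range
        return False
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed input
    print(record)
    print(verify_password("correct horse battery staple", record))
    print(verify_password("wrong guess", record))
```
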


