Password hashing

james hughes hughejp at
Fri Oct 12 01:19:18 EDT 2007

A proposal for a new password hashing based on SHA-256 or SHA-512 has  
been proposed by RedHat but to my knowledge has not had any rigorous  
analysis. The motivation for this is to replace MD-5 based password  
hashing at banks where MD-5 is on the list of "do not use" algorithms.  
I would prefer not to have the discussion "MD-5 is good enough for  
this algorithm" since it is not an argument that the customers  
requesting these changes are going to accept.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list