[Cryptography] Password rules and salt
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sun May 21 06:47:44 EDT 2017
lists at notatla.org.uk <lists at notatla.org.uk> writes:
>When your secure hash function reaches end of life and you pick a new one I
>suppose that means starting a new dataset. You could test new passwords
>against both the old and new filters; storing them in the new one if they
>appeared to be in the old. Eventually you'd retire the old version.
Hashing functions for password processing have very different requirements
than for digital signatures. There may not be any end-of-life for hash
functions used to obscure passwords, you could still be using MD4 without any
problems.
OK, there's the speed thing, but given that you can get ASICs to do SHA-2 at
insane rates MD4 might even be the safer bet against brute-force attacks.
Peter.
More information about the cryptography
mailing list