On Tue, 2021-02-02 at 19:08 -0500, Sam Hartman wrote:
> I don't have any objection to moving to Argon2 once it's available
Would sound like a good plan. In that case it might not even be
necessary to mention an intermediate switch to yescrypt in the release
notes, if that was superseded
> "Christoph" == Christoph Anton Mitterer writes:
Christoph> Wouldn't it then be a better choice to wait for the
Christoph> availability of argon2?
Christoph> Not that I'd have any insight on whether yescrypt is
Christoph> much worse, but Argon2 is simply the winner and wil
On Tue, 2021-02-02 at 17:05 -0500, Sam Hartman wrote:
> I don't know whether that's long-term plan or not.
> yescrypt and argon2 seem to have similar security properties.
> I'd need to dig more into the PHC report to figure out whether there's
> enough of an advantage to do another sw
> "Christoph" == Christoph Anton Mitterer writes:
Christoph> Hey. I'd guess that the long term plan is then to switch
Christoph> to Argon2?
Christoph> May I suggest in advance that this is then added to
Christoph> NEWS.Debian with the hint that people might perhaps want
Hey.
I'd guess that the long term plan is then to switch to Argon2?
May I suggest in advance that this is then added to NEWS.Debian with
the hint that people might perhaps want to re-set their passwords?
Cheers,
Chris
On Jan 03, Sam Hartman wrote:
> I don't know what the sha512 option we're using as a default does, but I
> suspect yescrypt is probably an improvement. Sorry, I'm too lazy today
> to go look up what sha512 actually means. (I mean if it actually means
> hash the password with sha512 with no salt
> "Marco" == Marco d'Itri writes:
Marco> On Jan 02, Steve Langasek wrote:
>> So, can you provide more rationale why you think this should be
>> the default?
Marco> Because yescrypt is the best password hashing algorithm
Marco> available in libxcrypt and its default.
Ste
On Jan 02, Steve Langasek wrote:
> So, can you provide more rationale why you think this should be the default?
Because yescrypt is the best password hashing algorithm available in
libxcrypt and its default.
https://www.openwall.com/yescrypt/ explains its design tradeoffs.
--
ciao,
Marco
si
Control: tags -1 moreinfo
On Mon, Dec 28, 2020 at 03:56:10PM +0100, Marco d'Itri wrote:
> Package: libpam-modules
> Version: 1.4.0-1
> Severity: normal
> Now that a newer release has been packaged, "sha512" in
> /etc/pam.d/common-password should be replaced by "yescrypt".
My immediate reaction
Package: libpam-modules
Version: 1.4.0-1
Severity: normal
Now that a newer release has been packaged, "sha512" in
/etc/pam.d/common-password should be replaced by "yescrypt".
--
ciao,
Marco