You are not logged in.
Hi all,
I already asked this question a year ago in the german forum, but did not receive any answer.
Are there plans to provide the winner of the 2015 Password Hashing Competition, Argon2, to be exact Argon2d, as a hash algorithm available for storing passwords in /etc/shadow?
If so, when?
If not, why?
Best regards.
Last edited by schard (2017-10-05 08:42:52)
Inofficial first vice president of the Rust Evangelism Strike Force
Offline
That is not in the scope of arch linux.
/etc/shadow relies on crypt(). Arch uses the glibc implementation which supports DES, MD5, SHA-256 and SHA-512, so you should be able to encrypt your shadow passwords with SHA-512.
There are also no PAM or glibc nss modules readily available.
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline
To be precise, this is SHA-512-crypt not SHA-512. More info at https://passlib.readthedocs.io/en/stabl … crypt.html
It's considered safe if you set high number of rounds. It defaults to 5k if I recall correctly. It's better to set it to something like 200k or more. Depends on hardware.
Last edited by Uriel_Bernhard48 (2017-10-04 21:28:23)
Offline
That is not in the scope of arch linux.
Sorry. I was under the false impression that this sub-forum, since labelled GNU/Linux Discussion was for discussions regarding GNU/Linux in general and hence, that a discussion of algorithms provided by a GNU library used by arch was on-topic.
/etc/shadow relies on crypt(). Arch uses the glibc implementation which supports DES, MD5, SHA-256 and SHA-512, so you should be able to encrypt your shadow passwords with SHA-512.
There are also no PAM or glibc nss modules readily available.
I know which algorithms are supported. My question is why Argon2 is not among them (yet).
To be precise, this is SHA-512-crypt not SHA-512. More info at https://passlib.readthedocs.io/en/stabl … crypt.html
It's considered safe if you set high number of rounds. It defaults to 5k if I recall correctly. It's better to set it to something like 200k or more. Depends on hardware.
I am not interested in discussing tweaking existing algorithms within the scope of this thread.
My question was solely regarding the possible inclusion of Argon2 within the respective crypto libraries.
Solved
I just saw that there is already a pending feature request on this.
https://sourceware.org/bugzilla/show_bug.cgi?id=21421
So let's just wait.
Last edited by schard (2017-10-05 08:43:11)
Inofficial first vice president of the Rust Evangelism Strike Force
Offline
I doubt glibc developers read this forums so discussion here is pointless. It's better to ask directly at source https://www.gnu.org/software/libc/involved.html
Offline
progandy wrote:That is not in the scope of arch linux.
Sorry. I was under the false impression that this sub-forum, since labelled GNU/Linux Discussion was for discussions regarding GNU/Linux in general and hence, that a discussion of algorithms provided by a GNU library used by arch was on-topic.
...
I know which algorithms are supported. My question is why Argon2 is not among them (yet).
Sorry, I understood it as if you wanted to ask arch developers to add the hash. Since this is implemented in glibc, and arch uses vanilla packages I tried to redirect you to glibc. Your question did not make it clear you knew of the implemented hashes, so I added them just in case.
I just saw that there is already a pending feature request on this.
https://sourceware.org/bugzilla/show_bug.cgi?id=21421
So let's just wait.
That might take a while until somone is interested enough. You could help with writing the patch, though
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline