Comment 0 for bug 1668503

Morgan Fainberg (mdrnstm) wrote : sha512_crypt is insufficient, use pbkdf2_sha512 for password hashing

Keystone uses sha512_crypt for password hashing. This is completely insufficient and provides limited protection (even with 10,000 rounds) against brute-forcing of the password hashes (especially with FPGAs and/or GPU processing).

The correct mechanism is to use bcrypt, scrypt, or pbkdf2_sha512 instead of sha512_crypt.

This bug is marked as public security as bug #1543048 has already highlighted this issue.
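The report recommends PBKDF2-SHA512 as one replacement for sha512_crypt. The following is an added example, written for this page and not Keystone's own implementation, of what a minimal PBKDF2-HMAC-SHA512 password store looks like using only the Python standard library: a random per-password salt, an explicit round count stored alongside the hash so it can be raised later, constant-time verification, and a check that flags hashes needing an upgrade. The `$pbkdf2-sha512$rounds$salt$key` string layout, the function names and the 10,000-round default are this example's own assumptions, not a Keystone or crypt(3) format.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Added example, not Keystone's code: PBKDF2-HMAC-SHA512 password hashing with a
# random 16-byte salt and a tunable round count. The "$pbkdf2-sha512$..." layout
# is this example's own, not a standard crypt(3) format.
DEFAULT_ROUNDS = 10000  # assumed work factor; raise it as hardware gets faster
SALT_BYTES = 16


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def hash_password(password: str, rounds: int = DEFAULT_ROUNDS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing hash string: scheme, rounds, salt, derived key."""
    if rounds < 1:
        raise ValueError("rounds must be positive")
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh CSPRNG salt for every password
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds)
    return "$pbkdf2-sha512$%d$%s$%s" % (rounds, _b64(salt), _b64(dk))


def _parse(stored: str) -> Optional[Tuple[int, bytes, bytes]]:
    """Split a stored hash into (rounds, salt, derived_key); None if malformed."""
    parts = stored.split("$")
    if len(parts) != 5 or parts[0] != "" or parts[1] != "pbkdf2-sha512":
        return None
    try:
        rounds = int(parts[2])
        salt = base64.b64decode(parts[3], validate=True)
        dk = base64.b64decode(parts[4], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if rounds < 1 or not salt or len(dk) != hashlib.sha512().digest_size:
        return None
    return rounds, salt, dk


def verify_password(password: str, stored: str) -> bool:
    """Recompute PBKDF2 with the stored salt and rounds; compare in constant time."""
    parsed = _parse(stored)
    if parsed is None:
        return False
    rounds, salt, expected = parsed
    candidate = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds)
    # compare_digest avoids leaking how many leading bytes matched via timing
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, target_rounds: int = DEFAULT_ROUNDS) -> bool:
    """True if the stored hash is malformed, another scheme, or below the current
    round policy, i.e. it should be re-hashed at the next successful login."""
    parsed = _parse(stored)
    return parsed is None or parsed[0] < target_rounds


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)
    print("verify ok:", verify_password("correct horse battery staple", stored))
    print("verify bad:", verify_password("Tr0ub4dor&3", stored))
    print("needs rehash at 20000 rounds:", needs_rehash(stored, 20000))
```

The usual deployment pattern is: on login, call `verify_password`, and if it succeeds and `needs_rehash` is true, re-hash the plaintext you just verified with the current round count and store the result, so the work factor can be raised over time without a mass password reset.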