Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 8 Aug 2012 09:42:51 +0200
From: Daniel Cegiełka <daniel.cegielka@...il.com>
To: musl@...ts.openwall.com
Subject: Re: crypt* files in crypt directory

2012/8/8 Solar Designer <solar@...nwall.com>:
> On Wed, Aug 08, 2012 at 09:03:00AM +0200, Daniel Cegie?ka wrote:
>> If closer to upstream, it would be preferable to use scrypt:
>> http://www.tarsnap.com/scrypt.html
>
> Huh?  As far as I'm aware, there's still no crypt(3) encoding syntax
> defined for scrypt (which is intended primarily as a KDF rather than a
> password hashing method for servers), so we'd have to devise our own.
> How is that "closer to upstream"?
>
> It does make sense to use scrypt for password hashing, but how exactly
> that will be done and whether it'll be scrypt or something future
> inspired by scrypt and others is not clear yet:
>
> http://www.openwall.com/lists/crypt-dev/2011/05/12/4
> http://www.openwall.com/lists/crypt-dev/2012/08/07/1
>
> Alexander

Right. So blowfish/gensalt going to be a good solution for us (at this time).

Daniel

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.