Date: Wed, 8 Aug 2012 09:42:51 +0200 From: Daniel Cegiełka <daniel.cegielka@...il.com> To: musl@...ts.openwall.com Subject: Re: crypt* files in crypt directory 2012/8/8 Solar Designer <solar@...nwall.com>: > On Wed, Aug 08, 2012 at 09:03:00AM +0200, Daniel Cegie?ka wrote: >> If closer to upstream, it would be preferable to use scrypt: >> http://www.tarsnap.com/scrypt.html > > Huh? As far as I'm aware, there's still no crypt(3) encoding syntax > defined for scrypt (which is intended primarily as a KDF rather than a > password hashing method for servers), so we'd have to devise our own. > How is that "closer to upstream"? > > It does make sense to use scrypt for password hashing, but how exactly > that will be done and whether it'll be scrypt or something future > inspired by scrypt and others is not clear yet: > > http://www.openwall.com/lists/crypt-dev/2011/05/12/4 > http://www.openwall.com/lists/crypt-dev/2012/08/07/1 > > Alexander Right. So blowfish/gensalt going to be a good solution for us (at this time). Daniel
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.