Linux Today: Linux News On Internet Time.

More on LinuxToday

SHA-512 w/ per User Salts is Not Enough

May 11, 2011, 14:04 (1 Talkback[s])

"Back in January, I was having a causal conversation about passwords at a local gathering about security and was asked what we use for storing the passwords. I stated that we are using sha-512 w/ per user salts but we are looking at moving away from this standard to something much stronger.

The response that I received from this person was pretty much in line with other comments I have received and seen on some of our forums. The two most common responses are: "Oh good, you are using per user salts" and "yeah, using sha-512 is much better than md5." Granted, these comments are true, using sha-512 is better than using md5 and better than not using per user salts but there is still a weakness that I feel is overlooked."

Complete Story

Complete Story

Related Stories: