MySQL Lists: internals: Re: Why SHA256+salt authentication ?

List:	Internals	« Previous Message Next Message »
From:	Sergei Golubchik	Date:	May 27 2011 11:07am
Subject:	Re: Why SHA256+salt authentication ?
View as plain text

Hi, Kristofer!

On May 27, Kristofer Pettersson wrote:
> Sergei Golubchik skrev 2011-05-27 11:24:
> > Just curious, why do you guys want new authentication plugin
> > that uses sha256 and salt?
> > 
> > Was the current (double SHA2) security found flawed?
> 
> There is no evidence that it is flawed and there is no evidence of
> successful cryptographic attacks.

I see. Good to know.

> > Or you just like it salted?
> 
> Yes. It is suppose to make it more difficult to construct MySQL
> specific rainbow tables.

Agree.

We even tried to use salted hashes once, but had to revert it.
I hope you will be more successfull at it.

Regards,
Sergei

Thread
• Why SHA256+salt authentication ?	Sergei Golubchik	27 May
• Re: Why SHA256+salt authentication ?	Kristofer Pettersson	27 May
• Re: Why SHA256+salt authentication ?	Sergei Golubchik	27 May
• Re: Why SHA256+salt authentication ?	Mats Kindahl	27 May
• Re: Why SHA256+salt authentication ?	Sergei Golubchik	27 May