List:Internals« Previous MessageNext Message »
From:Sergei Golubchik Date:May 27 2011 11:07am
Subject:Re: Why SHA256+salt authentication ?
View as plain text  
Hi, Kristofer!

On May 27, Kristofer Pettersson wrote:
> Sergei Golubchik skrev 2011-05-27 11:24:
> > Just curious, why do you guys want new authentication plugin
> > that uses sha256 and salt?
> > 
> > Was the current (double SHA2) security found flawed?
> 
> There is no evidence that it is flawed and there is no evidence of
> successful cryptographic attacks.

I see. Good to know.

> > Or you just like it salted?
> 
> Yes. It is suppose to make it more difficult to construct MySQL
> specific rainbow tables.

Agree.

We even tried to use salted hashes once, but had to revert it.
I hope you will be more successfull at it.

Regards,
Sergei

Thread
Why SHA256+salt authentication ?Sergei Golubchik27 May
  • Re: Why SHA256+salt authentication ?Kristofer Pettersson27 May
    • Re: Why SHA256+salt authentication ?Sergei Golubchik27 May
      • Re: Why SHA256+salt authentication ?Mats Kindahl27 May
        • Re: Why SHA256+salt authentication ?Sergei Golubchik27 May