MySQL Lists: internals: Re: Why SHA256+salt authentication ?

List:	Internals	« Previous Message Next Message »
From:	Mats Kindahl	Date:	May 27 2011 12:48pm
Subject:	Re: Why SHA256+salt authentication ?
View as plain text

On 05/27/2011 01:07 PM, Sergei Golubchik wrote:
> Hi, Kristofer!
>
> On May 27, Kristofer Pettersson wrote:
>> Sergei Golubchik skrev 2011-05-27 11:24:
>>> Just curious, why do you guys want new authentication plugin
>>> that uses sha256 and salt?
>>>
>>> Was the current (double SHA2) security found flawed?
>> There is no evidence that it is flawed and there is no evidence of
>> successful cryptographic attacks.
> I see. Good to know.
>
>>> Or you just like it salted?
>> Yes. It is suppose to make it more difficult to construct MySQL
>> specific rainbow tables.
> Agree.
>
> We even tried to use salted hashes once, but had to revert it.

Just curios: why did you have to revert it?

/Matz


> I hope you will be more successfull at it.
>
> Regards,
> Sergei
>
>

Thread
• Why SHA256+salt authentication ?	Sergei Golubchik	27 May
• Re: Why SHA256+salt authentication ?	Kristofer Pettersson	27 May
• Re: Why SHA256+salt authentication ?	Sergei Golubchik	27 May
• Re: Why SHA256+salt authentication ?	Mats Kindahl	27 May
• Re: Why SHA256+salt authentication ?	Sergei Golubchik	27 May