List:Internals« Previous MessageNext Message »
From:Mats Kindahl Date:May 27 2011 12:48pm
Subject:Re: Why SHA256+salt authentication ?
View as plain text  
On 05/27/2011 01:07 PM, Sergei Golubchik wrote:
> Hi, Kristofer!
>
> On May 27, Kristofer Pettersson wrote:
>> Sergei Golubchik skrev 2011-05-27 11:24:
>>> Just curious, why do you guys want new authentication plugin
>>> that uses sha256 and salt?
>>>
>>> Was the current (double SHA2) security found flawed?
>> There is no evidence that it is flawed and there is no evidence of
>> successful cryptographic attacks.
> I see. Good to know.
>
>>> Or you just like it salted?
>> Yes. It is suppose to make it more difficult to construct MySQL
>> specific rainbow tables.
> Agree.
>
> We even tried to use salted hashes once, but had to revert it.

Just curios: why did you have to revert it?

/Matz


> I hope you will be more successfull at it.
>
> Regards,
> Sergei
>
>

Thread
Why SHA256+salt authentication ?Sergei Golubchik27 May
  • Re: Why SHA256+salt authentication ?Kristofer Pettersson27 May
    • Re: Why SHA256+salt authentication ?Sergei Golubchik27 May
      • Re: Why SHA256+salt authentication ?Mats Kindahl27 May
        • Re: Why SHA256+salt authentication ?Sergei Golubchik27 May