IRC Logs for #crux-devel Tuesday, 2012-06-12

juejaeger: don't remember that we've talked about the encrypt method of shadow the last years. We only had changed from DES to MD5, but that was at the very beginning of CRUX, dunno if at that time stronger methods than md5 were available.05:05
teK_hashing-discussions again.. jue I read up and you referred to chosen-prefix attacks against md5, right? Now I understand your line of argumentation05:06
jueat all I think it's not a problem to change out default to SHA256 or SHA512, it's completely transparant to the user, because the old hash remains valid and is updated after a passwd change05:07
jues/out/our/05:07
jueteK_: yeah05:07
teK_we had that discussion before, sorry05:08
teK_+1 for >=SHA25605:09
teK_still we should prepare for a switch. Better safe than sorry. (Athough I read that md5 stems from '91, first concerns were uttered in '93 but it still being around is no argument to stick with it either)05:10
jueteK_: so you agree that the use of md5 in our ports isn't a real life problem05:10
teK_wrt known prefix attacks: yes. Yet the presentation I read was about them exclusively. I don't know about other collision attacks05:11
teK_there was a nice article on the topic of hashing by some antivir vendor05:12
juewrt shadow password: /etc/shadow is only accessable by root, so reading that file means your system is already compromised, right?05:13
teK_I see where this is going =)05:14
teK_yes you're (locally) fucked in that case05:14
teK_BUT there's a change you used that password online on other hosts etc.05:14
teK_s/change/chance/05:14
teK_and again: as you already said: this change would cost us and the users nothing but this discussion ;)05:15
jueteK_: no fear, I've not problem to change our default in login.defs to SHA256, but at a general rule I'm against doing such things without knowing the impact05:16
teK_I'm for it because it has no negative impact05:17
jueyeah, sure, but our short discussion shows that there's no need to panic in any way05:18
jueand that's important to know IMO05:18
teK_fyi: http://www.f-secure.com/weblog/archives/00002379.html05:18
teK_sure, no panic05:19
teK_btw jue I've been asked what a hash-function does by a Diplominformatiker. -_-05:32
*** mike_k has joined #crux-devel05:48
Romsterhttp://hashcat.net/oclhashcat-plus/07:31
*** tilman has quit IRC07:31
*** tilman has joined #crux-devel07:33
*** joe9 has joined #crux-devel07:33
*** sepen has joined #crux-devel08:04
*** frinnst has quit IRC08:49
*** frinnst has joined #crux-devel08:49
*** deus_ex has joined #crux-devel08:52
*** sepen has quit IRC10:43
*** sepen has joined #crux-devel12:25
*** mike_k has quit IRC15:46
*** joe9 has quit IRC17:27
frinnstthink tilman would mind if I fix a 404?18:06
frinnstperhaps even a bump, libjpeg seems a bit broken also a year out of date18:06
jaegerI doubt he would mind a fix, though honestly I don't think he'd notice, don't know that he does any crux work anymore18:09
jaegerNot 100% sure about that, though18:09
frinnsti'll update the source url. he can curse me out later if he wants to :)18:15
*** acrux has quit IRC19:36
*** acrux has joined #crux-devel20:04
*** acrux has joined #crux-devel20:04
*** sepen has quit IRC20:27
*** ____________mav has quit IRC21:49
*** ____________mav has joined #crux-devel21:50

Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!