Groups | Search | Server Info | Login | Register

Groups > comp.os.linux.security > #761

Re: Adding Secure Passwords to Linux

From Richard Kettlewell <invalid@invalid.invalid>
Newsgroups comp.os.linux.security
Subject Re: Adding Secure Passwords to Linux
Date 2022-07-28 21:16 +0100
Organization terraraq NNTP server
Message-ID <87lesdngbv.fsf@LkoBDZeT.terraraq.uk> (permalink)
References <b5a2266d-b904-4175-bbaf-a4e5139754bbn@googlegroups.com>

Show all headers | View raw

John Savard <quadibloc@gmail.com> writes:

> I just encountered an article saying that, since today's GPUs are so
> powerful, there's no such thing as a secure password any more.
> The death of the password is a bad thing, because smartphones
> can get lost, broken, or bricked. Indeed, if people have to use
> smartphones to log on to everything, they will be the new high-value
> target.
> However, Linux can set an example of how to make passwords work.
> Using a GPU to brute-force a password requires an attacker
> to have gotten a copy of the password file from the target
> machine - that's how an attacker can try zillions of passwords, instead
> of being locked out after three failed attempts, each of which took
> several seconds.
> So if one changed how password files stored passwords...
> Use a better hash function.

Have a look at scrypt or argon2, designed specifically for password
hashing.

-- 
https://www.greenend.org.uk/rjk/

Back to comp.os.linux.security | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Adding Secure Passwords to Linux John Savard <quadibloc@gmail.com> - 2022-07-28 11:25 -0700
  Re: Adding Secure Passwords to Linux Richard Kettlewell <invalid@invalid.invalid> - 2022-07-28 21:16 +0100
  Re: Adding Secure Passwords to Linux Marco Moock <mo01@posteo.de> - 2022-07-29 08:36 +0200
    Re: Adding Secure Passwords to Linux Spiros Bousbouras <spibou@gmail.com> - 2023-06-11 10:30 +0000
      Re: Adding Secure Passwords to Linux Allodoxaphobia <trepidation@example.net> - 2023-06-12 12:35 +0000
        Re: Adding Secure Passwords to Linux Spiros Bousbouras <spibou@gmail.com> - 2023-06-12 13:33 +0000
        Re: Adding Secure Passwords to Linux Richard Kettlewell <invalid@invalid.invalid> - 2023-06-12 16:46 +0100
          Re: Adding Secure Passwords to Linux Bit Twister <BitTwister@mouse-potato.com> - 2023-06-13 08:10 -0500
            Re: Adding Secure Passwords to Linux "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2023-06-13 15:12 -0400
          Re: Adding Secure Passwords to Linux Spiros Bousbouras <spibou@gmail.com> - 2023-06-15 20:30 +0000
            Re: Adding Secure Passwords to Linux Richard Kettlewell <invalid@invalid.invalid> - 2023-06-16 08:29 +0100
              Re: Adding Secure Passwords to Linux Spiros Bousbouras <spibou@gmail.com> - 2023-06-16 11:18 +0000
  Re: Adding Secure Passwords to Linux John McCue <jmccue@magnetar.jmcunx.com> - 2023-06-11 14:28 +0000

csiph-web