Re: Passwords inside System Configuration

help-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Passwords inside System Configuration

From:	Vagrant Cascadian
Subject:	Re: Passwords inside System Configuration
Date:	Tue, 21 Jan 2020 13:24:24 -0800

On 2020-01-21, Raghav Gururajan wrote:
>> Note: The hash of this initial password will be available in a file
>> in
>> /gnu/store, readable by all the users, so this method must be used
>> with
>> care.
>
> I see. But why would it be a concern? It is not feasible to brute-force 
> SHA-512 hash right?

I'm no expert, but evaluating the future based on today has it's
weaknesses; brute-force isn't usually what makes it possible to
compromise an algorithm...

  https://valerieaurora.org/hash.html

According to wikipedia, SHA-512 is in the SHA2 family:

  https://en.wikipedia.org/wiki/SHA-2

Which outlines papers, some going back over a decade, on various ways
SHA2 could be weakened...

live well,
  vagrant

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Passwords inside System Configuration, Raghav Gururajan, 2020/01/19
- Re: Passwords inside System Configuration, Giovanni Biscuolo, 2020/01/20
  - Re: Passwords inside System Configuration, Raghav Gururajan, 2020/01/21
    - Re: Passwords inside System Configuration, Vagrant Cascadian <=
    - Re: Passwords inside System Configuration, Raghav Gururajan, 2020/01/22
    - Re: Passwords inside System Configuration, Giovanni Biscuolo, 2020/01/24
    - Re: Passwords inside System Configuration, Raghav Gururajan, 2020/01/24

Prev by Date: Re: Passwords inside System Configuration
Next by Date: Re: How to present Guix to a wider audience
Previous by thread: Re: Passwords inside System Configuration
Next by thread: Re: Passwords inside System Configuration
Index(es):
- Date
- Thread