OMG, why can't we have nice things. Just found out that passwords in /etc/shadow are hashed using SHA-512 by default (which is the least bad option ...) but only 5000 rounds by default (not that more rounds would make it significantly more resistant against brute force in any case).

Key takeaway: Consider your /etc/shadow to contain essentially plain-text passwords.

-> Don't reuse Linux login passwords for anything else
-> Encrypt your system partition (and be sure to configure a sensible key derivation function when setting it up using cryptsetup, I don't think they use sensible defaults yet. In other words: Tell cryptsetup to use Argon2id and optimise --iter-time and --pbkdf-* to be as slow and memory consuming as acceptable)
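
An audit sketch for the point above, added here as an example and not part of the original post: it reads shadow-format lines and reports which hashing scheme and how many rounds each account uses. The sample entries are constructed with fake salts and hashes, and the `min_rounds` threshold and the finding labels are assumptions chosen for illustration.

```python
import re

# Constructed sample in /etc/shadow format; salts and hashes are fake placeholders.
SAMPLE_SHADOW = """\
root:$6$c29tZXNhbHQ$FAKEHASHFAKEHASH:19000:0:99999:7:::
alice:$6$rounds=656000$c29tZXNhbHQ$FAKEHASHFAKEHASH:19000:0:99999:7:::
bob:$y$j9T$c29tZXNhbHQ$FAKEHASHFAKEHASH:19000:0:99999:7:::
carol:$1$c29tZXNh$FAKEHASHFAKEHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
dave:!$6$c29tZXNhbHQ$FAKEHASHFAKEHASH:19000:0:99999:7:::
"""

# Modular-crypt prefix -> scheme name.
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}
SHA_DEFAULT_ROUNDS = 5000  # applies when a $5$/$6$ hash carries no rounds= field


def audit_shadow(text, min_rounds=100_000):  # min_rounds: assumed policy threshold
    """Return (user, scheme, rounds, finding) for each account with a $-prefixed hash."""
    report = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user, pw = fields[0], fields[1].lstrip("!")  # leading '!' marks a locked password
        if not pw.startswith("$"):
            continue  # '*', empty or non-modular entries: nothing to classify here
        parts = pw.split("$")
        scheme = SCHEMES.get(parts[1], "unknown")
        rounds = None
        if scheme in ("sha256crypt", "sha512crypt"):
            m = re.fullmatch(r"rounds=(\d+)", parts[2] if len(parts) > 2 else "")
            rounds = int(m.group(1)) if m else SHA_DEFAULT_ROUNDS
            finding = "low-rounds" if rounds < min_rounds else "not-memory-hard"
        elif scheme == "yescrypt":
            finding = "memory-hard"
        elif scheme == "md5crypt":
            finding = "obsolete"
        elif scheme == "bcrypt":
            finding = "not-memory-hard"
        else:
            finding = "unknown"
        report.append((user, scheme, rounds, finding))
    return report


if __name__ == "__main__":
    for row in audit_shadow(SAMPLE_SHADOW):
        print("%-6s %-12s rounds=%-7s %s" % row)
```

To audit a real system, pass the contents of `/etc/shadow` (readable only by root) to `audit_shadow` instead of the sample.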

mastodon.cloud