From: Vagrant Cascadian
Subject: Re: Passwords inside System Configuration
Date: Tue, 21 Jan 2020 13:24:24 -0800
Message-ID: <87r1zsy03b.fsf@ponder>
References: <87zheipghw.fsf@roquette.mug.biscuolo.net>
To: Raghav Gururajan, Giovanni Biscuolo, help-guix@gnu.org

On 2020-01-21, Raghav Gururajan wrote:
>> Note: The hash of this initial password will be available in a file in
>> /gnu/store, readable by all the users, so this method must be used with
>> care.
>
> I see. But why would it be a concern? It is not feasible to brute-force
> SHA-512 hash, right?

I'm no expert, but evaluating the future based on today has its
weaknesses; brute-force isn't usually what makes it possible to
compromise an algorithm...

  https://valerieaurora.org/hash.html

According to Wikipedia, SHA-512 is in the SHA2 family:

  https://en.wikipedia.org/wiki/SHA-2

Which outlines papers, some going back over a decade, on various ways
SHA2 could be weakened...

live well,
  vagrant