NIST announces FIPS 202 (the SHA-3 Standard) and FIPS 180-4 in the Federal Register today. Please see the Federal Register Noticehttps://federalregister.gov/a/2015-19181 for details and for NIST's comment resolutions for DRAFT FIPS 202 and DRAFT FIPS 180-4.
Should probably stay ahead of the game instead of waiting until a customer asks us if we support SHA3.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1258613
Related https://bugzilla.redhat.com/show_bug.cgi?id=1298275
An interesting discussion point here is that SHA3 is intended to be fast on hardware. This is in fact a detriment to password storage. Some attacks rely on being able to quickly generate many SHA3 sums based on inputs (ie dictionary list, rainbow table). As a result, being fast may make an attackers job easier to bruteforce. This is where #397 is something I think is better to pursue for our next default hash mechanism as they enforce higher time and memory complexity. This means an attacker that is able to compromise the system (theoretically: We would of course react to any DS compromise swiftly) would not as easily be able to attack the hashes.
Here are some numbers from my Python hash benchmark (sha3 from KeccekCodePackage with SSE optimizations):
{{{ CPU: Intel(R) Core(TM) i7-4900MQ CPU @ 2.80GHz 256 times 1 MiB random data
_hashlib.openssl_md5 708 MiB/sec _hashlib.openssl_sha1 1014 MiB/sec _hashlib.openssl_sha512 676 MiB/sec _sha3.sha3_224 322 MiB/sec _sha3.sha3_256 302 MiB/sec _sha3.sha3_384 232 MiB/sec _sha3.sha3_512 161 MiB/sec }}}
I assume that sha3 in dedicated hardware is almost a magnitude faster than in software. This performance discrepancy favors attacks. I would rather recommend scrypt or argon2.
As per cheimes comment, and other input from cryptographers, I believe it is incorrect for us to support SHA3 as a password hashing mechanism. I will close this as wontfix. We should focus on key derivation functions such as in #397.
Metadata Update from @firstyear: - Issue assigned to firstyear - Issue set to the milestone: 1.3.6 backlog
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/1572
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Invalid)
Login to comment on this ticket.