solardiz
commented
2 years ago I hope not! SM3 is a fast hash, not a password hash, and it would be a vulnerability to directly use it for passwords.
Closed myhou0418 closed 2 years ago
solardiz
commented
2 years ago I hope not! SM3 is a fast hash, not a password hash, and it would be a vulnerability to directly use it for passwords.
myhou0418
commented
2 years ago Is SHA256 a vulnerability to directly use for passwords? The SM3 algorithm is an improved algorithm based on SHA-256. The compression function of the SM3 algorithm has a similar structure to the compression function of SHA-256, but the design of the SM3 algorithm is more complicated. For example, each round of the compression function uses 2 message words.
solardiz
commented
2 years ago Is SHA256 a vulnerability to directly use for passwords?
Yes, of course!
Do we have plans to support the SM3 algorithm? Libgcrypt already supports SM3.