a tumblelog
14 May 2019

SHA1 should no longer be used anymore

Everyone should switch to (in order of preference):

  • BLAKE2b / BLAKE2s
  • SHA-512/256
  • SHA3-256
  • SHA-384
  • Any other SHA2-family hash function as a last resort

...unless they're storing passwords! In which case, they should switch to (in order of preference):

  • Argon2id with memory >= 32MiB, >= 2 rounds, and >= 2 parallelism
  • scrypt / yescrypt with memory >= 32 MiB, >= 4 rounds, and >= 1 parellelism
  • bcrypt (for PHP devs, password_hash() and password_verify() does the trick)
  • PBKDF2-SHA512 with 85,000 iterations as a last resort

But SHA1 should no longer be used anymore. No excuses.

― Scott Arciszewski, Chief Development Officer at Paragon Initiative Enterprises.

Source: SHA-1 collision attacks are now actually practical and a looming danger.

How does Docker work?

How does Docker actually work? It’s a simple question that has a surprisingly complex answer. You’ve probably heard the terms “daemon” and “runtime” thrown around, but never really understood what they meant and how they fit together.

In the evening I read How does Docker work? by Cameron Lonsdale, a (very) technical walk-through of how Docker works.