support SM3 hash algorithm
Closed this issue · 3 comments
myhou0418 commented
Do we have plans to support the SM3 algorithm? Libgcrypt already supports SM3.
solardiz commented
I hope not! SM3 is a fast hash, not a password hash, and it would be a vulnerability to directly use it for passwords.
myhou0418 commented
Is SHA256 a vulnerability to directly use for passwords?
The SM3 algorithm is an improved algorithm based on SHA-256. The compression function of the SM3 algorithm has a similar structure to the compression function of SHA-256, but the design of the SM3 algorithm is more complicated. For example, each round of the compression function uses 2 message words.
solardiz commented
Is SHA256 a vulnerability to directly use for passwords?
Yes, of course!