Date: Tue, 15 Jun 1999 00:43:23 -0600 From: Warner Losh <imp@harmony.village.org> To: Holtor <holtor@yahoo.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: DES & MD5? Message-ID: <199906150643.AAA90605@harmony.village.org> In-Reply-To: Your message of "Mon, 14 Jun 1999 19:50:02 PDT." <19990615025002.24925.rocketmail@web105.yahoomail.com> References: <19990615025002.24925.rocketmail@web105.yahoomail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <19990615025002.24925.rocketmail@web105.yahoomail.com> Holtor writes: : Hello guys. I've been using DES on all my servers : but i'm thinking of converting to MD5 since it : seems to be more secure? Are you using yp? If not, then there likely isn't much difference between the two. MD5 was used as a replacement for DES when the des routines were export controlled. Since no one but root can grab the encrypted passwords, you'll gain nothing by moving from one to the other. If you are using yp, then someone who is listening to the network can still run a directory attack on the encrypted passwords. If you are sending passwords in the clear over the net, then the attacker can grab them like that... Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906150643.AAA90605>