From owner-freebsd-security Mon Jun 14 23:43:43 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 1BA9A14F0C for ; Mon, 14 Jun 1999 23:43:40 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id AAA46401; Tue, 15 Jun 1999 00:43:39 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id AAA90605; Tue, 15 Jun 1999 00:43:23 -0600 (MDT) Message-Id: <199906150643.AAA90605@harmony.village.org> To: Holtor Subject: Re: DES & MD5? Cc: freebsd-security@FreeBSD.ORG In-reply-to: Your message of "Mon, 14 Jun 1999 19:50:02 PDT." <19990615025002.24925.rocketmail@web105.yahoomail.com> References: <19990615025002.24925.rocketmail@web105.yahoomail.com> Date: Tue, 15 Jun 1999 00:43:23 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <19990615025002.24925.rocketmail@web105.yahoomail.com> Holtor writes: : Hello guys. I've been using DES on all my servers : but i'm thinking of converting to MD5 since it : seems to be more secure? Are you using yp? If not, then there likely isn't much difference between the two. MD5 was used as a replacement for DES when the des routines were export controlled. Since no one but root can grab the encrypted passwords, you'll gain nothing by moving from one to the other. If you are using yp, then someone who is listening to the network can still run a directory attack on the encrypted passwords. If you are sending passwords in the clear over the net, then the attacker can grab them like that... Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message