From owner-freebsd-security Mon Jun 14 23:50: 4 1999 Delivered-To: freebsd-security@freebsd.org Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131]) by hub.freebsd.org (Postfix) with ESMTP id 8297B14F0C for ; Mon, 14 Jun 1999 23:49:59 -0700 (PDT) (envelope-from phk@critter.freebsd.dk) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.9.3/8.9.2) with ESMTP id IAA05184; Tue, 15 Jun 1999 08:49:05 +0200 (CEST) (envelope-from phk@critter.freebsd.dk) To: Warner Losh Cc: Holtor , freebsd-security@FreeBSD.ORG Subject: Re: DES & MD5? In-reply-to: Your message of "Tue, 15 Jun 1999 00:43:23 MDT." <199906150643.AAA90605@harmony.village.org> Date: Tue, 15 Jun 1999 08:49:04 +0200 Message-ID: <5182.929429344@critter.freebsd.dk> From: Poul-Henning Kamp Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <199906150643.AAA90605@harmony.village.org>, Warner Losh writes: >In message <19990615025002.24925.rocketmail@web105.yahoomail.com> >Holtor writes: >: Hello guys. I've been using DES on all my servers >: but i'm thinking of converting to MD5 since it >: seems to be more secure? > >Are you using yp? If not, then there likely isn't much difference >between the two. MD5 was used as a replacement for DES when the des >routines were export controlled. Since no one but root can grab the >encrypted passwords, you'll gain nothing by moving from one to the >other. Uhm, sorry Warner, but that is not true. A brute force attack on MD5 is many orders of magnitude slower than on DES. -- Poul-Henning Kamp FreeBSD coreteam member phk@FreeBSD.ORG "Real hackers run -current on their laptop." FreeBSD -- It will take a long time before progress goes too far! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message