From owner-freebsd-security Mon Nov 16 11:17:18 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA22642 for freebsd-security-outgoing; Mon, 16 Nov 1998 11:17:18 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA22622 for ; Mon, 16 Nov 1998 11:17:14 -0800 (PST) (envelope-from phk@critter.freebsd.dk) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.9.1/8.8.5) with ESMTP id UAA23905; Mon, 16 Nov 1998 20:14:52 +0100 (CET) To: Fernando Schapachnik cc: tcrimi+@andrew.cmu.edu (Thomas Valentino Crimi), tlambert@primenet.com, freebsd-security@FreeBSD.ORG Subject: Re: Would this make FreeBSD more secure? In-reply-to: Your message of "Mon, 16 Nov 1998 15:11:16 -0300." <199811161811.PAA01939@ns1.sminter.com.ar> Date: Mon, 16 Nov 1998 20:14:52 +0100 Message-ID: <23903.911243692@critter.freebsd.dk> From: Poul-Henning Kamp Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <199811161811.PAA01939@ns1.sminter.com.ar>, Fernando Schapachnik writes: >En un mensaje anterior, Thomas Valentino Crimi escribió: >[...] >> And then we have md5 passwords, arguably broken, now, but orders of >> magnitudes better than DES. > >Broken? I'm using them with no problem. What do you mean? He means that he hasn't understood the first law of cryptography: "No cipher is unbreakable, it's all a question about time & effort" Given sufficient resources you can brute-force any encryption or scrambling. MD5 scambled passwords are not even close to being broken, for any value of broken worth talking about. -- Poul-Henning Kamp FreeBSD coreteam member phk@FreeBSD.ORG "Real hackers run -current on their laptop." "ttyv0" -- What UNIX calls a $20K state-of-the-art, 3D, hi-res color terminal To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message