Date: Tue, 20 Jun 1995 00:08:36 -0700 (PDT)
From: Poul-Henning Kamp <phk>
To: mark@grondar.za (Mark Murray)
Cc: terry@cs.weber.edu, wollman@halloran-eldar.lcs.mit.edu, current@freebsd.org
Subject: Re: Crypto code - an architectural proposal.
Message-ID: <199506200708.AAA01200@freefall.cdrom.com>
In-Reply-To: <199506200621.IAA01213@grumble.grondar.za> from "Mark Murray" at Jun 20, 95 08:21:05 am

> > > I agree that the hack-attack prevention is a poor reason for slowing down
> > > crypt().
> >
> > The MD5 based crypt() I wrote for 2.0 had this in mind. It is sufficiently
> > slow that brute-force attacks are not fun, and it is frustrated by a
> > millisecond timestamp so dictionary attacks become very bulky.
>
> The timestamp can be stripped down by anyone with access to the source.
> OK, this does not help anyone bashing at the front door, but there are
> those hackers who with a Sparc or an Alpha and the MD5 source will
> really clobber a password file using Crack...
>

The timestamp cannot be stripped out by any known method at this point.
I tried with a rather large network, and a really optimistic guess at
a brute force attempt, including a factor 2 increase per year in speed
still gives way over 100 years.

> > Ten years from now it will probably have to be slowed down again :-(
>
> Who says some clever Maths/Crypto boffin hasn't got a faster algorithm
> _now_? Look at fcrypt versus Classic crypt(3).

MD5 isn't particularly easy to speed up. Check the source. The MD5 crypt()
is way stronger than DES crypt().

--
Poul-Henning Kamp            | phk@FreeBSD.ORG       FreeBSD Core-team.
http://www.freebsd.org/~phk  | phk@login.dknet.dk    Private mailbox.
whois: [PHK]                 | phk@ref.tfs.com       TRW Financial Systems, Inc.
Just that: dried leaves in boiling water ?
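
Added example, not part of the message above and not the FreeBSD source: a Python sketch of the publicly known `$1$` MD5 crypt() layout, showing the two properties the message relies on (a fixed 1000-round loop per guess, and a per-password salt that forces one dictionary entry per word and salt). The words and salts are constructed sample values, and `dictionary_entries` is a hypothetical helper.

```python
import hashlib

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
ROUNDS = 1000  # fixed stretching loop: every guess costs about 1000 MD5 calls

def _to64(value, length):
    # Emit `length` characters, lowest 6 bits first.
    out = ""
    for _ in range(length):
        out += ITOA64[value & 0x3F]
        value >>= 6
    return out

def md5_crypt(password: bytes, salt: bytes) -> str:
    salt = salt[:8]
    alt = hashlib.md5(password + salt + password).digest()
    ctx = hashlib.md5(password + b"$1$" + salt)
    remaining = len(password)
    while remaining > 0:                      # mix in the alternate digest
        ctx.update(alt[:min(16, remaining)])
        remaining -= 16
    bits = len(password)
    while bits:                               # one byte per bit of the length
        ctx.update(b"\x00" if bits & 1 else password[:1])
        bits >>= 1
    final = ctx.digest()
    for i in range(ROUNDS):                   # the deliberately slow part
        rnd = hashlib.md5()
        rnd.update(password if i & 1 else final)
        if i % 3:
            rnd.update(salt)
        if i % 7:
            rnd.update(password)
        rnd.update(final if i & 1 else password)
        final = rnd.digest()
    order = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    text = "".join(_to64(final[x] << 16 | final[y] << 8 | final[z], 4)
                   for x, y, z in order) + _to64(final[11], 2)
    return "$1$" + salt.decode() + "$" + text

def dictionary_entries(words, salts):
    # A precomputed dictionary needs one entry per (word, salt) pair.
    return {(w, s): md5_crypt(w, s) for w in words for s in salts}

if __name__ == "__main__":
    words = [b"password", b"letmein"]                  # constructed samples
    salts = [b"xxxxxxxx", b"a1b2c3d4", b"Zq.7/kLm"]    # constructed samples
    for key, value in dictionary_entries(words, salts).items():
        print(key, value)
```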