From owner-freebsd-security Fri Feb 14 10:29:10 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id KAA22339 for security-outgoing; Fri, 14 Feb 1997 10:29:10 -0800 (PST)
Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id KAA22301 for ; Fri, 14 Feb 1997 10:28:56 -0800 (PST)
Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 0.56 #1) id E0vvSMx-0002qb-00; Fri, 14 Feb 1997 11:28:23 -0700
To: Nate Williams
Subject: Re: blowfish passwords in FreeBSD
Cc: security@freebsd.org
In-reply-to: Your message of "Fri, 14 Feb 1997 11:04:14 MST." <199702141804.LAA00515@rocky.mt.sri.com>
References: <199702141804.LAA00515@rocky.mt.sri.com>
Date: Fri, 14 Feb 1997 11:28:22 -0700
From: Warner Losh
Message-Id:
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In message <199702141804.LAA00515@rocky.mt.sri.com> Nate Williams writes:
: I think DES and MD5 are enough in the default distribution. You *can*
: have too much of a good thing, and it hasn't been shown that MD5 is
: breakable, and DES is only for backwards compatibility.

The main motivation for doing this in OpenBSD was Theo knowing people that had broken MD5. He further asserts that many of his friends are able to break the MD5 passwords easily by brute force. Mostly due to the small salt space that made huge dictionary attacks possible.

: Trying to support 3 encryption routines is like trying to support three
: init routines. :)

Well, that's true. We should relegate MD5 to the scrap heap then :-). Actually, one of the features of the new stuff is a HUGE salt space that makes it impossible to store a dictionary on anything short of a multiple terabyte media.

Warner