Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 15 Jun 1999 03:43:34 -0700 (PDT)
From:      Holtor <holtor@yahoo.com>
To:        freebsd-security@freebsd.org
Subject:   Re: DES & MD5? 
Message-ID:  <19990615104334.23910.rocketmail@web128.yahoomail.com>

next in thread | raw e-mail | index | archive | help
So there really is no easy way to convert.
I just wanted to move everything to MD5.
Then just go in, and change each users password
and e-mail them all. I'm really not an expert
with hacking source code, i know i'd probably screw
it up horribly. My original intent was that if someone
broke in, I figure MD5 passwords would be harder
to break.

Holt

--- Poul-Henning Kamp <phk@critter.freebsd.dk> wrote:
> In message
> <199906150658.AAA90712@harmony.village.org>, Warner
> Losh writes:
> >In message <5182.929429344@critter.freebsd.dk>
> Poul-Henning Kamp writes:
> >: Uhm, sorry Warner, but that is not true.  A brute
> force attack on
> >: MD5 is many orders of magnitude slower than on
> DES.
> >
> >Wouldn't that cause lots of messages to be logged
> about failed login
> >attempts?  I was talking about the case where no
> one can get the
> >encrypted passwords.  I do suppose this assumes
> that all the programs
> >that do login verification do syslogs failures...
> 
> Which I must admit I have never verified that they
> do.  I don't
> think a brute force attack without the scrambled
> passwords is
> sufficiently feasible to be attempted, for one thing
> you reveal
> your source-IP or tty/terminal identity, but even
> so, MD5 takes
> longer to computer than DES.
> 
> >I agree that MD5 is better when the possibility of
> disclosure of the
> >encrypted passwords exists...
> 
> Which it always does, it's only a matter of at which
> probability.
> 
> --
> Poul-Henning Kamp             FreeBSD coreteam
> member
> phk@FreeBSD.ORG               "Real hackers run
> -current on their laptop."
> FreeBSD -- It will take a long time before progress
> goes too far!
> 

_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990615104334.23910.rocketmail>