Date: Tue, 15 Jun 1999 03:43:34 -0700 (PDT) From: Holtor <holtor@yahoo.com> To: freebsd-security@freebsd.org Subject: Re: DES & MD5? Message-ID: <19990615104334.23910.rocketmail@web128.yahoomail.com>
next in thread | raw e-mail | index | archive | help
So there really is no easy way to convert. I just wanted to move everything to MD5. Then just go in, and change each users password and e-mail them all. I'm really not an expert with hacking source code, i know i'd probably screw it up horribly. My original intent was that if someone broke in, I figure MD5 passwords would be harder to break. Holt --- Poul-Henning Kamp <phk@critter.freebsd.dk> wrote: > In message > <199906150658.AAA90712@harmony.village.org>, Warner > Losh writes: > >In message <5182.929429344@critter.freebsd.dk> > Poul-Henning Kamp writes: > >: Uhm, sorry Warner, but that is not true. A brute > force attack on > >: MD5 is many orders of magnitude slower than on > DES. > > > >Wouldn't that cause lots of messages to be logged > about failed login > >attempts? I was talking about the case where no > one can get the > >encrypted passwords. I do suppose this assumes > that all the programs > >that do login verification do syslogs failures... > > Which I must admit I have never verified that they > do. I don't > think a brute force attack without the scrambled > passwords is > sufficiently feasible to be attempted, for one thing > you reveal > your source-IP or tty/terminal identity, but even > so, MD5 takes > longer to computer than DES. > > >I agree that MD5 is better when the possibility of > disclosure of the > >encrypted passwords exists... > > Which it always does, it's only a matter of at which > probability. > > -- > Poul-Henning Kamp FreeBSD coreteam > member > phk@FreeBSD.ORG "Real hackers run > -current on their laptop." > FreeBSD -- It will take a long time before progress > goes too far! > _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990615104334.23910.rocketmail>