From owner-freebsd-security Fri Feb 14 13:09:43 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5)
    id NAA01408 for security-outgoing; Fri, 14 Feb 1997 13:09:43 -0800 (PST)
Received: from bofh.cybercity.dk (bofh.cybercity.dk [195.8.128.254])
    by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id NAA01402 for ;
    Fri, 14 Feb 1997 13:09:36 -0800 (PST)
Received: from critter.dk.tfs.com (phk.cybercity.dk [195.8.133.247])
    by bofh.cybercity.dk (8.8.3/8.7.3) with ESMTP id WAA09757;
    Fri, 14 Feb 1997 22:12:13 +0100 (MET)
Received: from critter.dk.tfs.com (localhost [127.0.0.1])
    by critter.dk.tfs.com (8.8.2/8.8.2) with ESMTP id WAA10480;
    Fri, 14 Feb 1997 22:11:18 +0100 (MET)
To: Warner Losh
cc: Nate Williams , security@freebsd.org
Subject: Re: blowfish passwords in FreeBSD
In-reply-to: Your message of "Fri, 14 Feb 1997 11:28:22 MST."
Date: Fri, 14 Feb 1997 22:11:17 +0100
Message-ID: <10478.855954677@critter.dk.tfs.com>
From: Poul-Henning Kamp
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In message , Warner Losh writes:
>In message <199702141804.LAA00515@rocky.mt.sri.com> Nate Williams writes:
>: I think DES and MD5 are enough in the default distribution. You *can*
>: have too much of a good thing, and it hasn't been shown that MD5 is
>: breakable, and DES is only for backwards compatibility.
>
>The main motivation for doing this in OpenBSD was Theo knowing people
>that had broken MD5. He further asserts that many of his friends are
>able to break the MD5 passwords easily by brute force. Mostly due to
>the small salt space that made huge dictionary attacks possible.

The space between what Theo claims and what he actually can produce
when pushed is currently used to store the 98% of the universe that
science can't account for.

A rather quick calculation will show you that we are indeed talking >huge<
dictionary attacks.

Theo's problem is that it has not been "seriously analysed" and that
somebody has used the word "weak" in a paper about md5.

>: Trying to support 3 encryption routines is like trying to support three
>: init routines. :)
>
>Well, that's true. We should relegate MD5 to the scrap heap then
>:-). Actually, one of the features of the new stuff is a HUGE salt
>space that makes it impossible to store a dictionary on anything short
>of a multiple terabyte media.

The problem isn't the size of the salt, but the quality. We should
start to get the salt from /dev/random, that would >REALLY< be an
improvement...

--
Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
whois: [PHK]                | phk@tfs.com           TRW Financial Systems, Inc.
Power and ignorance is a disgusting cocktail.
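
Added example, not part of the original message and not FreeBSD's code: it contrasts salt size with salt quality by generating the same 8-character salt once from a clock-seeded libc PRNG and once from the kernel random device. The function names, the 8-character length, the crypt-style alphabet and the seed value are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SALT_LEN 8   /* assumption: 8 salt characters, 6 bits each */

/* crypt-style 64-character alphabet (assumed for this example) */
static const char itoa64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Low quality: the salt is a pure function of the seed. If the seed is the
 * clock, the number of possible salts is the number of plausible seconds,
 * however many bits the salt field can hold. */
void salt_from_clock(unsigned int seed, char out[SALT_LEN + 1])
{
    srand(seed);
    for (int i = 0; i < SALT_LEN; i++)
        out[i] = itoa64[rand() & 0x3f];
    out[SALT_LEN] = '\0';
}

/* Better quality: every salt bit comes from the kernel random device.
 * 256 % 64 == 0, so masking each byte to 6 bits introduces no bias. */
int salt_from_device(const char *dev, char out[SALT_LEN + 1])
{
    unsigned char buf[SALT_LEN];
    FILE *f = fopen(dev, "rb");
    if (f == NULL)
        return -1;
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    if (n != sizeof buf)
        return -1;       /* fail closed, never fall back to a weak salt */
    for (int i = 0; i < SALT_LEN; i++)
        out[i] = itoa64[buf[i] & 0x3f];
    out[SALT_LEN] = '\0';
    return 0;
}

int main(void)
{
    char a[SALT_LEN + 1], b[SALT_LEN + 1];
    salt_from_clock(855000000u, a);   /* constructed seed value */
    salt_from_clock(855000000u, b);
    printf("clock-seeded: %s %s (same seed, same salt)\n", a, b);
    /* /dev/urandom is used here so the demo never blocks */
    if (salt_from_device("/dev/urandom", a) == 0)
        printf("device:       %s\n", a);
    return 0;
}
```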