From owner-freebsd-security@FreeBSD.ORG  Sun Jan  4 10:11:07 2009
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 8147A106564A
	for <freebsd-security@freebsd.org>;
	Sun,  4 Jan 2009 10:11:07 +0000 (UTC)
	(envelope-from phk@critter.freebsd.dk)
Received: from phk.freebsd.dk (phk.freebsd.dk [130.225.244.222])
	by mx1.freebsd.org (Postfix) with ESMTP id 447B88FC1C
	for <freebsd-security@freebsd.org>;
	Sun,  4 Jan 2009 10:11:07 +0000 (UTC)
	(envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (unknown [192.168.61.3])
	by phk.freebsd.dk (Postfix) with ESMTP id 002CC17001;
	Sun,  4 Jan 2009 09:41:05 +0000 (UTC)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
	by critter.freebsd.dk (8.14.3/8.14.3) with ESMTP id n049f5QX038333;
	Sun, 4 Jan 2009 09:41:05 GMT (envelope-from phk@critter.freebsd.dk)
To: "O. Hartmann" <ohartman@mail.zedat.fu-berlin.de>
From: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
In-Reply-To: Your message of "Sat, 03 Jan 2009 22:45:59 +0100."
	<495FDC97.4090301@mail.zedat.fu-berlin.de> 
Date: Sun, 04 Jan 2009 09:41:05 +0000
Message-ID: <38332.1231062065@critter.freebsd.dk>
Sender: phk@critter.freebsd.dk
Cc: freebsd-security@freebsd.org
Subject: Re: MD5 vs. SHA1 hashed passwords in /etc/master.passwd: can we
	configure SHA1 in /etc/login.conf? 
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Jan 2009 10:11:07 -0000

In message <495FDC97.4090301@mail.zedat.fu-berlin.de>, "O. Hartmann" writes:

>MD5 seems to be compromised by potential collision attacks.

No it is not.

Single MD5 invocations with controlled plaintext allow you to
construct appendages to the plaintext, which would result in
identical MD5 hash values.

This does not affect your passwords.

1. If you already know peoples password, why futz with the encryption
   of them ?

2. MD5 password hash is not single invocation, in fact MD5 i iterated
   more than a thousand times in various permutations.  Nobody has
   any idea how to break that, short of brute force.

Poul-Henning

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.