From owner-freebsd-security Sat Feb 15 08:28:16 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id IAA02719 for security-outgoing; Sat, 15 Feb 1997 08:28:16 -0800 (PST) Received: from bofh.cybercity.dk (bofh.cybercity.dk [195.8.128.254]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA02689 for ; Sat, 15 Feb 1997 08:28:03 -0800 (PST) Received: from critter.dk.tfs.com (phk.cybercity.dk [195.8.133.247]) by bofh.cybercity.dk (8.8.3/8.7.3) with ESMTP id RAA24630; Sat, 15 Feb 1997 17:30:40 +0100 (MET) Received: from critter.dk.tfs.com (localhost [127.0.0.1]) by critter.dk.tfs.com (8.8.2/8.8.2) with ESMTP id RAA13476; Sat, 15 Feb 1997 17:29:56 +0100 (MET) To: Warner Losh cc: Stephen Fisher , security@FreeBSD.ORG Subject: Re: blowfish passwords in FreeBSD In-reply-to: Your message of "Sat, 15 Feb 1997 08:09:17 MST." Date: Sat, 15 Feb 1997 17:29:56 +0100 Message-ID: <13474.856024196@critter.dk.tfs.com> From: Poul-Henning Kamp Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk In message , Warner Losh writes: >In message Stephen > Fisher writes: >: Where has this been used before though? MD5 and especially DES have been >: time proven and tested and white papers have been written, and people have >: studied them to death already. > >I don't have the references. > >However, reports have come in that brute force has cracked 40 and 48 >bit keys in less than a month. Next stop 56 bit keys :-). I have personally witnessed a P5/60 with a ISA card with some ASIC's break a well chosen password that was DES encrypted using bruteforce. It took slightly less than 3 hours. -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@tfs.com TRW Financial Systems, Inc. Power and ignorance is a disgusting cocktail.