Date: Fri, 8 Jun 2012 17:47:08 +0100
From: RW <rwmaillists@googlemail.com>
To: freebsd-security@freebsd.org
Subject: Re: Default password hash
Message-ID: <20120608174708.65bc90db@gumby.homeunix.com>
In-Reply-To: <86r4tqotjo.fsf@ds4.des.no>
References: <86r4tqotjo.fsf@ds4.des.no>

On Fri, 08 Jun 2012 14:51:55 +0200
Dag-Erling Smørgrav wrote:

> We still have MD5 as our default password hash, even though known-hash
> attacks against MD5 are relatively easy these days.

Are any of those attacks relevant to salted passwords even with a
single MD5 hash, let alone FreeBSD's complicated iterative algorithm?

> We've supported SHA256 and SHA512 for many years now, so how about
> making SHA512 the default instead of MD5, like on most Linux
> distributions?

I think the most important consideration is which is most resistant to
brute force dictionary attack with GPUs. From a quick look at the code
SHA512 looks to have 5000 rounds compared to MD5's 1000, but it's not so
easy to compare with Blowfish.
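An added example, not part of the message above and not FreeBSD code: a small audit that reads master.passwd-style lines and reports each account's hash scheme and iteration count, using the 1000 and 5000 round figures quoted in the message. The names `classify` and `audit` are hypothetical, and the sample accounts, salts and hash bodies are constructed placeholders.

```python
import re

# Iteration counts per scheme. 1000 (md5crypt) and 5000 (sha512-crypt default)
# are the figures in the message; the rounds= clamp and bcrypt's 2**cost come
# from those schemes' specifications. Counts are NOT comparable across schemes,
# since one round of each does a different amount of work.
MD5_ROUNDS, SHA_DEFAULT, SHA_MIN, SHA_MAX = 1000, 5000, 1000, 999_999_999

_SHA = re.compile(r"^\$([56])\$(?:rounds=(\d+)\$)?")
_BCRYPT = re.compile(r"^\$2[abxy]?\$(\d{2})\$")

def classify(field):
    """Return (scheme, iterations) for one crypt(3) hash field."""
    if field.startswith("$1$"):
        return ("md5crypt", MD5_ROUNDS)
    m = _SHA.match(field)
    if m:
        name = "sha256crypt" if m.group(1) == "5" else "sha512crypt"
        rounds = int(m.group(2)) if m.group(2) else SHA_DEFAULT
        return (name, max(SHA_MIN, min(SHA_MAX, rounds)))
    m = _BCRYPT.match(field)
    if m:
        return ("bcrypt", 2 ** int(m.group(1)))
    return ("unknown", None)  # locked accounts, DES, empty fields

def audit(passwd_text):
    """Map user -> (scheme, iterations) for master.passwd-style lines."""
    report = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 2:
            continue
        report[fields[0]] = classify(fields[1])
    return report

# Constructed sample: user names, salts and hash bodies are placeholders.
SAMPLE = """\
alice:$1$CONSTRUC$PLACEHOLDERPLACEHOLDER:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$6$CONSTRUCTEDSALT$PLACEHOLDER:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:$6$rounds=100000$CONSTRUCTEDSALT$PLACEHOLDER:1003:1003::0:0:Carol:/home/carol:/bin/sh
dave:$2a$08$PLACEHOLDERPLACEHOLDERPLACEHOLDER:1004:1004::0:0:Dave:/home/dave:/bin/sh
eve:*LOCKED*:1005:1005::0:0:Eve:/home/eve:/usr/sbin/nologin
"""

if __name__ == "__main__":
    for user, (scheme, iters) in audit(SAMPLE).items():
        print(f"{user:6} {scheme:12} {iters}")
```

Accounts reported as md5crypt are the ones a change of default would not touch until their passwords are next set.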
