Date: Tue, 6 Jan 2009 19:31:17 +1100
From: Peter Jeremy
To: "O. Hartmann"
Cc: freebsd-security@freebsd.org
Subject: Re: MD5 vs. SHA1 hashed passwords in /etc/master.passwd: can we configure SHA1 in /etc/login.conf?
Message-ID: <20090106083117.GI87057@server.vk2pj.dyndns.org>
In-Reply-To: <495FDC97.4090301@mail.zedat.fu-berlin.de>

On 2009-Jan-03 22:45:59 +0100, "O. Hartmann" wrote:
>Well, I never dug deep enough into the source code to reveal the
>magic and truth, so I will ask here for some help.

The relevant algorithms and their names are embedded in
src/lib/libcrypt/crypt.c

> Is it possible to
>change the md5-algorithm by default towards sha1 as recommended after
>the md5-collisions have been published?

Note that both MD5 and SHA1 are broken in the cryptographic sense.
As various people have noted, the known breaks do not impact on MD5
password hashes.

-- 
Peter Jeremy
Please excuse any delays as the result of my ISP's inability to implement
an MTA that is either RFC2821-compliant or matches their claimed behaviour.