From owner-freebsd-security Tue Jun 15 14:15:23 1999 Delivered-To: freebsd-security@freebsd.org Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131]) by hub.freebsd.org (Postfix) with ESMTP id 7809714C4C for ; Tue, 15 Jun 1999 14:15:18 -0700 (PDT) (envelope-from phk@critter.freebsd.dk) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.9.3/8.9.2) with ESMTP id XAA07663; Tue, 15 Jun 1999 23:12:12 +0200 (CEST) (envelope-from phk@critter.freebsd.dk) To: Gregory Sutter Cc: Warner Losh , Holtor , freebsd-security@FreeBSD.ORG Subject: Re: DES & MD5? In-reply-to: Your message of "Tue, 15 Jun 1999 13:50:03 PDT." <19990615135003.U37775@001101.zer0.org> Date: Tue, 15 Jun 1999 23:12:11 +0200 Message-ID: <7661.929481131@critter.freebsd.dk> From: Poul-Henning Kamp Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <19990615135003.U37775@001101.zer0.org>, Gregory Sutter writes: >On Tue, Jun 15, 1999 at 08:49:04AM +0200, Poul-Henning Kamp wrote: >> >> Uhm, sorry Warner, but that is not true. A brute force attack on >> MD5 is many orders of magnitude slower than on DES. > >At USENIX, Niels Provos and David Mazieres presented a paper entitled >"A Future-Adaptable Password Scheme", in which they described two >algorithms with adaptable cost, I've seen it. I think they're missing the >real< point by a large margin, (or at least they did in the version I read). In my opinion the most important thing is to realize that scrambled passwords are cheap to replace, and therefore a "kleenex" principle can be applied to the protection. If the MD5 seems to be under attack, we'll just change to something else, and if that comes under attack, we change again, and so on. That said I'm sure their algorithm is at least as good, and quite likely much better than the MD5 based one that I wrote, but the important thing is the '$1$' at the front of the password which will allow us to change the entire thing at moments notice: Install new libcrypt ("$2$", or "$3$" or whatever) Set all passwords to expire in 1hour/day/week/month/year Tell your users that they havn't changed their password for too long And any threat to you password scrambling is eliminated... -- Poul-Henning Kamp FreeBSD coreteam member phk@FreeBSD.ORG "Real hackers run -current on their laptop." FreeBSD -- It will take a long time before progress goes too far! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message