Date:      Tue, 15 Jun 1999 17:51:46 -0400 (EDT)
From:      Dug Song <dugsong@monkey.org>
To:        Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: DES & MD5? 
Message-ID:  <Pine.BSO.4.10.9906151736550.26447-100000@funky.monkey.org>
In-Reply-To: <7661.929481131@critter.freebsd.dk>

On Tue, 15 Jun 1999, Poul-Henning Kamp wrote:

> That said I'm sure their algorithm is at least as good, and quite 
> likely much better than the MD5 based one that I wrote, but the
> important thing is the '$1$' at the front of the password which
> will allow us to change the entire thing at a moment's notice...

OpenBSD's crypt has exactly the same version identifiers:

	dugsong:$2a$06$S19R7BvVkFxEkKfiYsGOk.RVtuPl5.SmnWU...
	        ^^^^
and they credited you with this particular insight in their paper (see
section 6.1.2, http://www.citi.umich.edu/u/provos/papers/bcrypt.ps.gz):

	MD5 crypt was written by Poul-Henning Kamp for FreeBSD...
	The output is the concatenation of the version identifier "$1$",
	the salt, a "$" separator, and the 128-bit hash output.

> I think they're missing the >real< point by a large margin, (or at least
> they did in the version I read).

what *is* the point, then, if not this?

	Instead of repeatedly throwing out functions like crypt and MD5
	crypt to start over with more expensive but incompatible ones,
	systems should allow the cost of any password manipulation
	software to scale gracefully with a tunable parameter.

having version identifiers in passwd entries solves only half the problem.

-d.

---
http://www.monkey.org/~dugsong/
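The two halves of the problem discussed in this thread, a scheme identifier at the front of the passwd entry and a cost parameter that can be raised later, can be exercised together with a small parser and a login-time upgrade check. The following is an added example and is not code from the thread, from FreeBSD or from OpenBSD; it parses traditional DES crypt, '$1$' md5crypt and '$2a$' bcrypt strings, reads bcrypt's two-digit cost (which is the base-2 logarithm of the key-setup iteration count), and decides whether a stored hash falls below a site policy and should be rehashed on the next successful login. The hash strings below are constructed for illustration and are not real password hashes; the `verify` and `rehash` callables passed to `verify_and_upgrade` are hypothetical hooks standing in for whatever crypt(3) wrapper a system actually uses.

```python
"""Modular crypt format: scheme identifier plus tunable cost.

Added example, not code from the mailing-list thread, FreeBSD or OpenBSD.
Sample hash strings are constructed and carry no real password.
"""
from dataclasses import dataclass
from typing import Callable, Optional, Tuple


@dataclass(frozen=True)
class ParsedHash:
    scheme: str           # "" = traditional DES, "1" = md5crypt, "2a" etc. = bcrypt
    cost: Optional[int]   # bcrypt log2 work factor; None when the scheme has no knob
    salt: str
    digest: str


BCRYPT_SCHEMES = ("2", "2a", "2b", "2y")


def parse_crypt(entry: str) -> ParsedHash:
    """Split a crypt(3)-style string into scheme, cost, salt and digest."""
    if not entry.startswith("$"):
        # Traditional DES crypt: 2-char salt + 11-char hash, no identifier, no cost.
        if len(entry) != 13:
            raise ValueError("not a recognised crypt string")
        return ParsedHash(scheme="", cost=None, salt=entry[:2], digest=entry[2:])

    parts = entry.split("$")          # ['', scheme, ...]
    scheme = parts[1]
    if scheme == "1":
        # $1$<salt>$<hash>: salt up to 8 chars, hash 22 chars of crypt base64.
        if len(parts) != 4 or not 1 <= len(parts[2]) <= 8 or len(parts[3]) != 22:
            raise ValueError("malformed $1$ entry")
        return ParsedHash(scheme, None, parts[2], parts[3])
    if scheme in BCRYPT_SCHEMES:
        # $2a$<cost>$<22-char salt><31-char hash>: cost is two decimal digits.
        if len(parts) != 4 or len(parts[2]) != 2 or not parts[2].isdigit():
            raise ValueError("malformed bcrypt entry")
        body = parts[3]
        if len(body) != 53:
            raise ValueError("malformed bcrypt salt/hash body")
        return ParsedHash(scheme, int(parts[2]), body[:22], body[22:])
    raise ValueError(f"unknown scheme ${scheme}$")


def bcrypt_iterations(cost: int) -> int:
    """bcrypt runs 2**cost iterations of its expensive key setup."""
    return 1 << cost


def needs_rehash(entry: str, policy_scheme: str = "2a", policy_min_cost: int = 10) -> bool:
    """True if the entry uses an older scheme or a bcrypt cost below policy.

    This is the 'other half' of the problem: an identifier lets you tell
    schemes apart, but only a readable cost lets you raise it over time.
    """
    parsed = parse_crypt(entry)
    if parsed.scheme != policy_scheme:
        return True
    return parsed.cost is not None and parsed.cost < policy_min_cost


def verify_and_upgrade(
    password: str,
    stored: str,
    verify: Callable[[str, str], bool],      # hypothetical crypt-compare hook
    rehash: Callable[[str, int], str],       # hypothetical "hash at cost N" hook
    policy_min_cost: int = 10,
) -> Tuple[bool, str]:
    """Check a login; on success, transparently rehash if below policy.

    Returns (authenticated, entry_to_store). The cleartext is only available
    at login time, which is the one moment a stored hash can be upgraded.
    """
    if not verify(password, stored):
        return False, stored
    if needs_rehash(stored, policy_min_cost=policy_min_cost):
        return True, rehash(password, policy_min_cost)
    return True, stored


# Constructed sample entries (not real hashes): DES, md5crypt, bcrypt cost 6 and 12.
SAMPLE_DES = "abCDEFGHIJKLM"
SAMPLE_MD5 = "$1$saltsalt$" + "a" * 22
SAMPLE_BCRYPT_06 = "$2a$06$" + "abcdefghijklmnopqrstuv" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"
SAMPLE_BCRYPT_12 = "$2a$12$" + "abcdefghijklmnopqrstuv" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"

if __name__ == "__main__":
    for e in (SAMPLE_DES, SAMPLE_MD5, SAMPLE_BCRYPT_06, SAMPLE_BCRYPT_12):
        p = parse_crypt(e)
        print(f"scheme={p.scheme or 'des':4} cost={p.cost} rehash={needs_rehash(e)}")
```

Raising `policy_min_cost` by one doubles the work for both the legitimate login and the attacker's guess, and because the cost is stored in every entry, old and new hashes coexist until each user next logs in.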



