From owner-freebsd-security Tue Jun 15 17: 0:22 1999 Delivered-To: freebsd-security@freebsd.org Received: from adelphi.physics.adelaide.edu.au (adelphi.physics.adelaide.edu.au [129.127.36.247]) by hub.freebsd.org (Postfix) with ESMTP id 4A2C4156A7 for ; Tue, 15 Jun 1999 17:00:13 -0700 (PDT) (envelope-from kkennawa@physics.adelaide.edu.au) Received: from bragg (bragg [129.127.36.34]) by adelphi.physics.adelaide.edu.au (8.8.8/8.8.8/UofA-1.5) with SMTP id JAA01592; Wed, 16 Jun 1999 09:30:09 +0930 (CST) Received: from localhost by bragg; (5.65/1.1.8.2/05Aug95-0227PM) id AA19602; Wed, 16 Jun 1999 09:31:22 +0930 Date: Wed, 16 Jun 1999 09:31:22 +0930 (CST) From: Kris Kennaway X-Sender: kkennawa@bragg To: Gregory Sutter Cc: freebsd-security@freebsd.org Subject: Re: DES & MD5? In-Reply-To: <19990615135003.U37775@001101.zer0.org> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 15 Jun 1999, Gregory Sutter wrote: > At USENIX, Niels Provos and David Mazieres presented a paper entitled > "A Future-Adaptable Password Scheme", in which they described two > algorithms with adaptable cost, including a block cipher _eksblowfish_ > and _bcrypt_, a related hash function. In the paper, they have a > comparison graph of traditional/bitsliced DES, MD5, and bcrypt (Figure > 5). In summary, the graph shows bcrypt to be over 10^1 times slower > than MD5 and many orders of magnitude slower than DES. MD5 is itself > many orders of magnitude slower than DES, but has a fixed cost. > > FTR, bcrypt supports a variable number of rounds so that it will be > adaptable and secure as hardware speeds increase. I left the > presentation very impressed with the work. This is the openbsd password hash scheme, isn't it? I've got patches to support this (among other things) almost ready to go. Essentially they just iterate 2^n rounds of cipher, whereas the current MD5 scheme just does 1000 rounds. ISTR hearing of known weaknesses with iterating MD5 large numbers of times, but I don't have a reference handy. Kris > Greg > -- > Gregory S. Sutter If ignorance is bliss, you must be orgasmic. > mailto:gsutter@pobox.com > http://www.pobox.com/~gsutter/ > PGP DSS public key 0x40AE3052 > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > ----- "Never criticize anybody until you have walked a mile in their shoes, because by that time you will be a mile away and have their shoes." -- Unknown To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message