Date:      Wed, 16 Jun 1999 09:31:22 +0930 (CST)
From:      Kris Kennaway <kkennawa@physics.adelaide.edu.au>
To:        Gregory Sutter <gsutter@pobox.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: DES & MD5?
Message-ID:  <Pine.OSF.4.10.9906160927520.22473-100000@bragg>
In-Reply-To: <19990615135003.U37775@001101.zer0.org>

On Tue, 15 Jun 1999, Gregory Sutter wrote:

> At USENIX, Niels Provos and David Mazieres presented a paper entitled
> "A Future-Adaptable Password Scheme", in which they described two 
> algorithms with adaptable cost, including a block cipher _eksblowfish_
> and _bcrypt_, a related hash function.  In the paper, they have a 
> comparison graph of traditional/bitsliced DES, MD5, and bcrypt (Figure
> 5).  In summary, the graph shows bcrypt to be over 10^1 times slower
> than MD5 and many orders of magnitude slower than DES.  MD5 is itself
> many orders of magnitude slower than DES, but has a fixed cost.
> 
> FTR, bcrypt supports a variable number of rounds so that it will be
> adaptable and secure as hardware speeds increase.  I left the
> presentation very impressed with the work. 

This is the OpenBSD password hash scheme, isn't it? I've got patches to
support this (among other things) almost ready to go.

Essentially they just iterate 2^n rounds of cipher, whereas the current MD5
scheme just does 1000 rounds. ISTR hearing of known weaknesses with iterating
MD5 large numbers of times, but I don't have a reference handy.

Kris

> Greg
> -- 
> Gregory S. Sutter              If ignorance is bliss, you must be orgasmic.
> mailto:gsutter@pobox.com
> http://www.pobox.com/~gsutter/
> PGP DSS public key 0x40AE3052
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 

-----
"Never criticize anybody until you have walked a mile in their shoes,
because by that time you will be a mile away and have their shoes."
    -- Unknown
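
The cost difference discussed in this thread is visible in the stored crypt(3) string itself: bcrypt records its log2 cost, while MD5-crypt and DES crypt have none to record. The following is an added example, not part of the original e-mail or of any FreeBSD/OpenBSD code; the function names, the policy threshold of 10 and the sample entries are assumptions made for illustration.

```python
import re

# crypt(3) string layouts (well-known formats, not taken from the e-mail):
#   bcrypt:    $2a$<2-digit cost>$<22-char salt><31-char hash>
#   MD5-crypt: $1$<salt, up to 8 chars>$<22-char hash>
#   DES crypt: 13 characters from [./0-9A-Za-z], no "$" prefix
BCRYPT_RE = re.compile(r"^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$")
MD5_RE = re.compile(r"^\$1\$[^$]{0,8}\$[./A-Za-z0-9]{22}$")
DES_RE = re.compile(r"^[./A-Za-z0-9]{13}$")


def work_factor(crypt_string):
    """Return (scheme, iterations, tunable) for a crypt(3) hash string."""
    m = BCRYPT_RE.match(crypt_string)
    if m:
        cost = int(m.group(1))
        if not 4 <= cost <= 31:
            raise ValueError("bcrypt cost outside 4..31: %d" % cost)
        return ("bcrypt", 2 ** cost, True)      # 2^cost key-schedule rounds
    if MD5_RE.match(crypt_string):
        return ("md5-crypt", 1000, False)       # fixed by the algorithm
    if DES_RE.match(crypt_string):
        return ("des-crypt", 25, False)         # fixed by the algorithm
    raise ValueError("unrecognised crypt(3) format")


def audit(entries, min_bcrypt_cost=10):
    """Flag hashes with a fixed cost, or a bcrypt cost below the policy."""
    findings = []
    for user, h in entries:
        scheme, rounds, tunable = work_factor(h)
        if not tunable:
            findings.append((user, scheme, "fixed cost, cannot be raised"))
        elif rounds < 2 ** min_bcrypt_cost:     # hypothetical site policy
            findings.append((user, scheme, "cost below policy"))
    return findings


# Constructed sample entries: the hash bodies are filler, not real digests.
SAMPLE = [
    ("alice", "$2a$06$" + "A" * 53),
    ("bob", "$2a$12$" + "B" * 53),
    ("carol", "$1$saltsalt$" + "C" * 22),
    ("dave", "ab" + "D" * 11),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```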


