From: Damian Weber
To: Dag-Erling Smørgrav
Cc: freebsd-security@freebsd.org, Gleb Kurtsou, "Simon L. B. Nielsen"
Subject: Re: Default password hash
Date: Sun, 10 Jun 2012 18:55:18 +0200 (CEST)

> On 8 Jun 2012, at 13:51, Dag-Erling Smørgrav wrote:
>
> > We still have MD5 as our default password hash, even though known-hash
> > attacks against MD5 are relatively easy these days.

*collision* attacks are relatively easy these days, but against 1 MD5,
not against 1000 times MD5

w.r.t. password hashes, a successful preimage attack would be threatening,
which publications are you referring to?

I found one preimage attack on reduced MD5, but it's theoretical (2^96 steps)
"Preimage Attacks on 3-Pass HAVAL and Step-Reduced MD5*"
eprint.iacr.org/2008/183.pdf

> > We've supported
> > SHA256 and SHA512 for many years now, so how about making SHA512 the
> > default instead of MD5, like on most Linux distributions?

there is a NIST hash competition running, the winner will soon be announced
(and it won't be SHA256 or SHA512 ;-)
http://csrc.nist.gov/groups/ST/hash/timeline.html

so my suggestion would be to use all of the finalists - especially
the winner - for password hashing

* BLAKE
* Grøstl
* JH
* Keccak
* Skein

see, for example,
http://www.nist.gov/itl/csd/sha3_010511.cfm

-- Damian Weber,
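
An added illustration of the collision-versus-preimage distinction raised in the message above; it is not part of the original post. It uses MD5 truncated to 20 bits (an assumption, so that both searches finish in seconds), and the names `toy_hash`, `find_collision`, `find_preimage` and the `rounds` parameter are hypothetical; `rounds` is a simplified stand-in for the "1000 times MD5" the message mentions, not the real md5crypt algorithm.

```python
import hashlib
from itertools import count

BITS = 20  # toy digest width (assumption) so both searches finish quickly


def toy_hash(data: bytes, rounds: int = 1) -> int:
    """MD5 iterated `rounds` times, truncated to the top BITS bits."""
    digest = data
    for _ in range(rounds):
        digest = hashlib.md5(digest).digest()
    return int.from_bytes(digest, "big") >> (128 - BITS)


def find_collision():
    """Both inputs are free to choose: birthday search, ~2**(BITS/2) hashes."""
    seen = {}
    for tries in count(1):
        msg = b"msg-%d" % tries
        h = toy_hash(msg)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


def find_preimage(target: int):
    """The target is fixed, as a stored password hash is: ~2**BITS hashes."""
    for tries in count(1):
        guess = b"guess-%d" % tries
        if toy_hash(guess) == target:
            return guess, tries


def demo():
    # Constructed sample value standing in for a stored password hash.
    stored = toy_hash(b"constructed-sample-password")
    a, b, col_tries = find_collision()
    guess, pre_tries = find_preimage(stored)
    return {"collision": (a, b), "collision_tries": col_tries,
            "preimage": guess, "preimage_tries": pre_tries, "stored": stored}


if __name__ == "__main__":
    r = demo()
    print("collision found after", r["collision_tries"], "hashes")
    print("preimage  found after", r["preimage_tries"], "hashes")
    # With an iterated hash, every guess costs `rounds` MD5 calls instead of one.
    print("MD5 calls at rounds=1000:", r["preimage_tries"] * 1000)
```

A colliding pair does not match a hash that is already stored; only the preimage search does, and its cost grows with the full digest width and with the number of rounds per guess.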