Date: Fri, 8 Jun 2012 19:28:57 +0200 From: Ruud Althuizen <ruud@stack.nl> To: RW <rwmaillists@googlemail.com> Cc: freebsd-security@freebsd.org Subject: Re: Default password hash Message-ID: <20120608172857.GE2410@stack.nl> In-Reply-To: <20120608174708.65bc90db@gumby.homeunix.com> References: <86r4tqotjo.fsf@ds4.des.no> <20120608174708.65bc90db@gumby.homeunix.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--lMM8JwqTlfDpEaS6 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri 08 Jun 2012 05:47 PM, RW wrote: > On Fri, 08 Jun 2012 14:51:55 +0200 > Dag-Erling Sm=C3=B8rgrav wrote: >=20 > > We still have MD5 as our default password hash, even though known-hash > > attacks against MD5 are relatively easy these days. =20 >=20 > Are any of those attacks relevant to salted passwords even with a > single MD5 hash, let alone FreeBSD's complicated iterative algorithm?=20 Complication isn't your friend when considering cryptography. --=20 With kind regards, Ruud Althuizen --lMM8JwqTlfDpEaS6 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (FreeBSD) iEYEARECAAYFAk/SNlkACgkQkqncCMFskRU+NgCfXMQOI9o3edJJDVEeqQQB3qQT OJsAoIMswOLjYAWVS5XKEs2Sci5iB7AJ =fysR -----END PGP SIGNATURE----- --lMM8JwqTlfDpEaS6--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120608172857.GE2410>