From owner-freebsd-security  Fri May 29 12:57:29 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA24625
          for freebsd-security-outgoing; Fri, 29 May 1998 12:57:29 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from alpha.sea-to-sky.net (sreid@sea-to-sky.net [204.244.200.240])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA24577
          for <freebsd-security@FreeBSD.ORG>; Fri, 29 May 1998 12:57:08 -0700 (PDT)
          (envelope-from sreid@alpha.sea-to-sky.net)
Received: (from sreid@localhost)
	by alpha.sea-to-sky.net (8.8.7/8.8.7) id NAA09649;
	Fri, 29 May 1998 13:04:56 -0700
Date: Fri, 29 May 1998 13:04:56 -0700 (PDT)
From: Steve Reid <sreid@alpha.sea-to-sky.net>
To: Open Systems Networking <opsys@mail.webspan.net>
cc: Cory Kempf <ckempf@enigami.com>, freebsd-security@FreeBSD.ORG
Subject: Re: MD5 v. DES?
In-Reply-To: <Pine.BSF.3.95.980529124005.10794B-100000@orion.webspan.net>
Message-ID: <Pine.LNX.3.95.iB1.0.980529124539.9369A-100000@alpha.sea-to-sky.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > Is there a discussion somewhere about the merits of MD5 v. DES?
> > E.g. what advantages one has over the other?
> 
> If I recall from past memories MD5 i believe is faster. 

The MD5 password hashing scheme in FreeBSD is slower than the
traditional DES hashing.

Both schemes, when they were designed, were deliberately made slow to
make programs like "crack" slower. DES was extended to 25 rounds instead
of the usual 16, and MD5 runs hundreds(?) of iterations of the hash
function. The DES scheme was designed for a time when processors were
not as fast as they are now, and so "crack" is very efficient when
attacking DES-based password files. The MD5-based crypt is much slower,
so "crack" takes considerably longer to run.

Using MD5 instead of DES will use more of your CPU cycles, but the
crackers feel it _much_ more because they have to run crypt constantly
until the crack run is completed, instead of just running a crypt once
at login. 

MD5 also has the benefit of being exportable, whereas DES is subject to
restrictions in many countries because it was designed for encryption.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message