Date: Sat, 30 May 1998 12:40:30 -0700 (PDT)
From: Steve Reid
To: "J.A. Terranson"
cc: "'Gary Palmer'", Open Systems Networking, Cory Kempf, "freebsd-security@FreeBSD.ORG"
Subject: RE: MD5 v. DES?
In-Reply-To: <01BD8BC3.962CBD80@w3svcs.mfn.org>

On Sat, 30 May 1998, J.A. Terranson wrote:

> Within this context, I would submit that DES is the "better"
> function, as it is not subject to "birthday" problems, I do realize
> however, in the *real* world, this is probably not a *real* issue...

As far as I know, all hash functions are subject to birthday attacks, including DES when it is used as a hash function. In fact, DES-based crypt is more vulnerable to birthday attacks than MD5, because the DES hash produces fewer bits.

Birthday attacks don't really work against password files though: you'd need to have billions of users before you are likely to have two with different password/salt but the same DES hash.

As for DES and MD5 being apples and oranges, that's not quite true. There are constructions to use block ciphers as hash functions, and constructions to use hash functions as block ciphers. Still, you are better off using the right tool for the job, which in the case of crypt is MD5 (when you have the choice).
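The birthday bound discussed in the message above, as an added example that is not part of the original post: it measures how many distinct inputs it takes to see a collision on MD5 truncated to a small width, checks that against the sqrt(pi/2 * 2^bits) estimate, and applies the same formula to full-width outputs. It assumes 64 bits for traditional DES crypt and 128 bits for MD5 (widths the message does not state); all function names and input strings are constructed for illustration.

```python
import hashlib
import math

DES_CRYPT_BITS = 64   # assumption: traditional DES crypt output width
MD5_BITS = 128        # MD5 digest width


def users_for_collision(bits, p=0.5):
    """Random `bits`-bit hashes needed before a collision has probability p."""
    return math.sqrt(2.0 * (2.0 ** bits) * math.log(1.0 / (1.0 - p)))


def collision_probability(n, bits):
    """Birthday approximation for n uniformly random `bits`-bit hashes."""
    return -math.expm1(-n * (n - 1) / (2.0 * 2.0 ** bits))


def truncated_md5(data, bits):
    """Top `bits` bits of MD5(data), standing in for a narrower hash."""
    digest = hashlib.md5(data).digest()
    return int.from_bytes(digest, "big") >> (MD5_BITS - bits)


def first_collision(bits, trial):
    """Hash distinct constructed inputs until two share a truncated hash."""
    seen = set()
    count = 0
    while True:
        h = truncated_md5(b"trial%d-user%d" % (trial, count), bits)
        count += 1
        if h in seen:
            return count
        seen.add(h)


def mean_first_collision(bits, trials=200):
    """Average number of inputs hashed before the first collision."""
    return sum(first_collision(bits, t) for t in range(trials)) / trials


if __name__ == "__main__":
    bits = 16
    print("measured mean, %d-bit hash: %.0f inputs" % (bits, mean_first_collision(bits)))
    print("predicted sqrt(pi/2 * 2^%d): %.0f inputs" % (bits, math.sqrt(math.pi / 2 * 2 ** bits)))
    for name, width in (("DES crypt", DES_CRYPT_BITS), ("MD5", MD5_BITS)):
        print("%s: ~%.2e hashes for a 50%% collision chance" % (name, users_for_collision(width)))
    print("P(collision), 1e6 users, 64-bit: %.1e" % collision_probability(10 ** 6, DES_CRYPT_BITS))
```

The 64-bit figure comes out at roughly five billion hashes, and doubling the output width squares that number.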