From owner-freebsd-security Thu May 16 15:59: 5 2002 Delivered-To: freebsd-security@freebsd.org Received: from wopr.caltech.edu (wopr.caltech.edu [131.215.103.10]) by hub.freebsd.org (Postfix) with ESMTP id 6318A37B401 for ; Thu, 16 May 2002 15:59:02 -0700 (PDT) Received: (from mph@localhost) by wopr.caltech.edu (8.11.6/8.11.6) id g4GMwvR47173; Thu, 16 May 2002 15:58:57 -0700 (PDT) (envelope-from mph) Date: Thu, 16 May 2002 15:58:57 -0700 From: Matthew Hunt To: Jesper Wallin Cc: pulz@pulz.no, security@FreeBSD.ORG Subject: Re: How secure is a password and how many characters does it allow? Message-ID: <20020516155856.A46782@wopr.caltech.edu> References: <007901c1fd27$02f29a10$fa00a8c0@elixor> <2079.213.112.58.238.1021587760.squirrel@phucking.kicks-ass.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <2079.213.112.58.238.1021587760.squirrel@phucking.kicks-ass.org>; from z3l3zt@phucking.kicks-ass.org on Fri, May 17, 2002 at 12:22:40AM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, May 17, 2002 at 12:22:40AM +0200, Jesper Wallin wrote: > How will that effect my security? Isn't it more secure to use 128 characters > instead of 8? Sounds like, if the security was the same the blowfish would > be default or something similar.. What do You recommend? DES is the traditional algorithm, and is probably the default for interoperability with old software and NIS. I've used MD5 for years with no trouble for the longer password support. If you don't run NIS, then I don't think there's any reason to stick with DES. -- Matthew Hunt * Inertia is a property http://www.pobox.com/~mph/ * of matter. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message