From owner-freebsd-security Thu Jun 20 8: 7:55 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail1.qc.uunet.ca (mail1.qc.uunet.ca [198.168.54.16]) by hub.freebsd.org (Postfix) with ESMTP id 2E1F637B403 for ; Thu, 20 Jun 2002 08:07:50 -0700 (PDT) Received: from xtanbul ([216.94.147.34]) by mail1.qc.uunet.ca (8.10.2/8.10.2) with ESMTP id g5KF7TN03308; Thu, 20 Jun 2002 11:07:30 -0400 Date: Thu, 20 Jun 2002 11:03:57 -0400 Subject: Re: hash-password length relation (was: Password security) Content-Type: text/plain; charset=ISO-8859-1; format=flowed Mime-Version: 1.0 (Apple Message framework v482) Cc: "Eric F Crist" , "'Ryan Thompson'" , "'Bill Moran'" , To: Dag-Erling Smorgrav From: Antoine Beaupre In-Reply-To: Message-Id: Content-Transfer-Encoding: quoted-printable X-Mailer: Apple Mail (2.482) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Thank you everyone for such quick response. A. Le jeudi 20 juin 2002, =E0 11:00 AM, Dag-Erling Smorgrav a =E9crit : > Antoine Beaupre writes: >> Does the length of the encrypted password grow with the length of the >> password? > > Traditional DES always produces a 13-byte hash (including the salt). > MD5 produces a 31-byte hash (also including the salt). Blowfish > produces a 32-byte hash with (IIRC) a variable-length salt of up to 16 > bytes. Both MD5 and Blowfish use a special prefix to identify the > hash algorithm used; it's usually three bytes long for MD5 and five or > six bytes long for Blowfish. > > DES > -- > Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message