Date: Sat, 2 Jun 2001 06:36:11 -0400
From: Spike Gronim <william@brainlink.com>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: Spike Gronim <william@brainlink.com>, freebsd-hackers@FreeBSD.ORG
Subject: Re: The design of the MD5 crypt() in FreeBSD
Message-ID: <20010602063611.A15624@spike.gronim.com>
In-Reply-To: <33076.991460788@critter>; from phk@critter.freebsd.dk on Sat, Jun 02, 2001 at 07:46:28AM +0200
References: <20010601234448.A12479@spike.gronim.com> <33076.991460788@critter>
On Sat, Jun 02, 2001 at 07:46:28AM +0200, Poul-Henning Kamp wrote:
> In message <20010601234448.A12479@spike.gronim.com>, Spike Gronim writes:
>
> > I understand the literal meaning of /usr/src/lib/libcrypt/crypt-md5.c,
> > and the algorithm it uses to create its output. However, I do not understand
> > the design criteria or functional purpose of several elements of the process.
>
> At the time the MD5 hash was written we could not use anything DES based
> due to ITAR.
>
> The design criterion was to get a strong, preferably stronger than DES,
> password encryption, which would make brute force attacks very much
> harder.

[snip]

> The overall MD5 chewing code was done to try to make the algorithm
> unsuitable for hardware implementation (MD5 is already pretty bad
> for that); the various nonlinear steps would make it practically
> impossible to do a hardware implementation of anything but the basic
> MD5: you would still need to iterate through it.

Ah, I hadn't considered that. That pretty much answers my question.

> I don't know enough about cryptographic math to argue that this
> algorithm is perfect or even "good". I know it to be better than
> the DES things, and infinitely better than the scrambler we had
> to fill the hole for DES at the time.
>
> In light of this theoretical backing, I introduced the $1$ marker,
> which allows the algorithm to be replaced in a backwards compatible
> way (as already done by OpenBSD).
>
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.

--
--Spike Gronim
gronimw@stuy.edu
"Oh yes? An obscene triangle which, has more courage than the word."
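The "MD5 chewing" loop and the $1$ marker discussed in the thread, written out as an added Python example (this is not code from the thread or from FreeBSD's crypt-md5.c; it is an independent transcription of the published $1$ algorithm, and the password/salt values below are constructed for illustration). It shows the three pieces the exchange touches: the fixed 1000-round loop whose per-round inputs depend on the round index, so that a hardware implementation cannot simply run one MD5 block; the custom base-64 output ordering; and a verifier that dispatches on the `$id$` prefix, which is what lets the scheme be replaced without breaking stored hashes.

```python
import hashlib
import hmac

# Alphabet used by the crypt-style base-64 encoding (not RFC 4648).
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = b"$1$"
ROUNDS = 1000  # fixed in the $1$ scheme; this loop is the "MD5 chewing"


def _to64(value: int, count: int) -> str:
    """Emit `count` six-bit groups of `value`, least significant first."""
    out = []
    for _ in range(count):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return "".join(out)


def md5crypt(password: bytes, salt: bytes) -> str:
    """Return the $1$salt$hash string for password and salt (salt is at most 8 bytes)."""
    salt = salt[:8]
    ctx = hashlib.md5(password + MAGIC + salt)

    # An "alternate" digest of pw+salt+pw is mixed in, one chunk per 16 bytes of password.
    alt = hashlib.md5(password + salt + password).digest()
    for remaining in range(len(password), 0, -16):
        ctx.update(alt[:min(remaining, 16)])

    # For each bit of the password length: a zero byte if set, else the first password byte.
    i = len(password)
    while i:
        ctx.update(b"\x00" if i & 1 else password[:1])
        i >>= 1
    final = ctx.digest()

    # The iteration step: which inputs are fed, and in which order, depends on the
    # round index (parity, mod 3, mod 7), so each round is a fresh multi-block MD5.
    for rnd in range(ROUNDS):
        c = hashlib.md5()
        c.update(password if rnd & 1 else final)
        if rnd % 3:
            c.update(salt)
        if rnd % 7:
            c.update(password)
        c.update(final if rnd & 1 else password)
        final = c.digest()

    # Output bytes are interleaved in the scheme's fixed order before base-64 encoding.
    order = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    encoded = "".join(
        _to64((final[a] << 16) | (final[b] << 8) | final[c], 4) for a, b, c in order
    )
    encoded += _to64(final[11], 2)
    return "$1$" + salt.decode("ascii") + "$" + encoded


def verify(password: bytes, stored: str) -> bool:
    """Check a password against a stored crypt string, dispatching on the $id$ marker."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "":
        return False
    scheme, salt, _ = parts[1], parts[2], parts[3]
    if scheme != "1":
        # Another marker (e.g. a later scheme) would be routed to its own routine here;
        # this example implements only $1$.
        return False
    candidate = md5crypt(password, salt.encode("ascii"))
    # Constant-time comparison avoids leaking how many leading characters matched.
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real password file.
    stored = md5crypt(b"password", b"xxxxxxxx")
    print(stored)
    print("correct password accepted:", verify(b"password", stored))
    print("wrong password rejected:  ", not verify(b"passw0rd", stored))
```

The output for the sample values can be cross-checked against `openssl passwd -1 -salt xxxxxxxx password`, which implements the same $1$ scheme. Note that the 1000-round count is hard-wired into the scheme; this is one reason later markers ($5$, $6$, and the bcrypt $2$ family) carry a tunable cost parameter in the string itself.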