From: Spike Gronim
Date: Sat, 2 Jun 2001 06:36:11 -0400
To: Poul-Henning Kamp
Cc: Spike Gronim, freebsd-hackers@FreeBSD.ORG
Subject: Re: The design of the MD5 crypt() in FreeBSD
Message-ID: <20010602063611.A15624@spike.gronim.com>
References: <20010601234448.A12479@spike.gronim.com> <33076.991460788@critter>
In-Reply-To: <33076.991460788@critter>; from phk@critter.freebsd.dk on Sat, Jun 02, 2001 at 07:46:28AM +0200
Sender: owner-freebsd-hackers@FreeBSD.ORG

On Sat, Jun 02, 2001 at 07:46:28AM +0200, Poul-Henning Kamp wrote:
> In message <20010601234448.A12479@spike.gronim.com>, Spike Gronim writes:
>
> > I understand the literal meaning of /usr/src/lib/libcrypt/crypt-md5.c,
> > and the algorithm it uses to create its output. However, I do not understand
> > the design criteria or functional purpose of several elements of the process.
>
> At the time the MD5 hash was written we could not use anything DES based
> due to ITAR.
>
> The design criterion was to get a strong, preferably stronger than DES,
> password encryption, which would make brute force attacks very much
> harder.

[snip]

> The overall MD5 chewing code was done to try to make the algorithm
> unsuitable for hardware implementation (MD5 is already pretty bad
> for that); the various non-linear steps would make it practically
> impossible to do a hardware implementation of anything but the basic
> MD5: you would still need to iterate through it.

Ah, I hadn't considered that. That pretty much answers my question.

> I don't know enough about cryptographic math to argue that this
> algorithm is perfect or even "good". I know it to be better than
> the DES things, and infinitely better than the scrambler we had
> to fill the hole for DES at the time.
>
> In light of this theoretical backing, I introduced the $1$ marker,
> which allows the algorithm to be replaced in a backwards compatible
> way (as already done by OpenBSD).
>
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.

--
--Spike Gronim
gronimw@stuy.edu
"Oh yes? An obscene triangle which, has more courage than the word."
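The two design points Poul-Henning describes in the quoted message, the data-dependent iteration that forces any implementation to grind through the MD5 compression function 1000 times in sequence, and the `$1$` prefix that tells a verifier which algorithm produced a stored string, can be seen in a compact reimplementation. The block below is an added example written for this archive page; it is not code from crypt-md5.c or from either poster. It follows the published md5crypt construction, but the helper names (`parse_crypt`, `scheme_id`, `verify`) are chosen here, and the passwords and salts used in the demonstration are constructed test inputs.

```python
import hashlib
import hmac

# Alphabet used by crypt(3) for its base-64-like output encoding.
ITOA64 = b"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = b"$1$"
ROUNDS = 1000  # fixed in md5crypt; there is no tunable cost parameter


def _to64(value: int, n: int) -> bytes:
    """Emit n characters of ITOA64, 6 bits at a time, least significant first."""
    out = bytearray()
    for _ in range(n):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return bytes(out)


def md5crypt(password: bytes, salt: bytes) -> bytes:
    """Return the '$1$salt$hash' string for password, following the md5crypt construction."""
    # The salt may be given with or without the magic; it stops at the first '$'
    # and is at most 8 bytes long.
    if salt.startswith(MAGIC):
        salt = salt[len(MAGIC):]
    salt = salt.split(b"$", 1)[0][:8]

    ctx = hashlib.md5(password + MAGIC + salt)
    alt = hashlib.md5(password + salt + password).digest()
    pl = len(password)
    while pl > 0:
        ctx.update(alt[: min(pl, 16)])
        pl -= 16
    # Mix in one byte per bit of the password length: NUL for a 1 bit,
    # the first password byte for a 0 bit.
    i = len(password)
    while i:
        ctx.update(b"\0" if i & 1 else password[:1])
        i >>= 1
    final = ctx.digest()

    # The "chewing" loop: 1000 sequential MD5 rounds whose input ordering
    # depends on the round number, so each round needs the previous digest.
    for i in range(ROUNDS):
        ctx1 = hashlib.md5()
        ctx1.update(password if i & 1 else final)
        if i % 3:
            ctx1.update(salt)
        if i % 7:
            ctx1.update(password)
        ctx1.update(final if i & 1 else password)
        final = ctx1.digest()

    # Byte-interleaved encoding of the 16-byte digest into 22 characters.
    groups = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    encoded = b"".join(
        _to64((final[a] << 16) | (final[b] << 8) | final[c], 4) for a, b, c in groups
    )
    encoded += _to64(final[11], 2)
    return MAGIC + salt + b"$" + encoded


def parse_crypt(stored: bytes):
    """Split a '$id$salt$hash' string into (id, salt, hash); None for classic DES crypt."""
    if not stored.startswith(b"$"):
        return None
    parts = stored.split(b"$")
    if len(parts) < 4:
        return None
    return parts[1], parts[2], parts[3]


def scheme_id(stored: bytes):
    """The algorithm marker ('1' for md5crypt, '6' for sha512crypt, ...), or None."""
    parsed = parse_crypt(stored)
    return None if parsed is None else parsed[0]


def verify(password: bytes, stored: bytes) -> bool:
    """Check password against a stored md5crypt string with a constant-time compare."""
    parsed = parse_crypt(stored)
    if parsed is None or parsed[0] != b"1":
        return False  # only $1$ is implemented in this example
    _, salt, _ = parsed
    return hmac.compare_digest(md5crypt(password, salt), stored)


if __name__ == "__main__":
    # Constructed demonstration values, not real credentials.
    h = md5crypt(b"correct horse", b"$1$saltsalt$")
    print(h.decode())
    print("scheme:", scheme_id(h).decode(), "verify:", verify(b"correct horse", h))
```

The output for a given password and salt can be cross-checked against crypt(3) on a FreeBSD or Linux host. Two things worth noticing from a defender's side: the round count is hard-wired at 1000, so the work factor that made the scheme expensive in 2001 cannot be raised without changing the algorithm, and `scheme_id` is exactly the hook the `$1$` marker was introduced for, letting a password store be scanned for legacy entries and migrated to a newer scheme on the user's next successful login.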