Date: Thu, 28 Jan 2010 17:20:29 -0500 From: Garance A Drosihn <drosih@rpi.edu> To: Chuck Swiger <cswiger@mac.com> Cc: freebsd-security@freebsd.org Subject: Re: PHK's MD5 might not be slow enough anymore Message-ID: <p0624080bc787bddcb8dd@[128.113.24.47]> In-Reply-To: <75297887-C475-451D-B4A1-CB9D3A5BD2CA@mac.com> References: <20100128182413.GI892@noncombatant.org> <20100128135410.7b6fe154.wmoran@collaborativefusion.com> <20100128193941.GK892@noncombatant.org> <20100128151026.5738b6c1.wmoran@collaborativefusion.com> <20100128201857.GP892@noncombatant.org> <4B61FCFF.6040207@delphij.net> <p06240808c787b7763922@[128.113.24.47]> <75297887-C475-451D-B4A1-CB9D3A5BD2CA@mac.com>
index | next in thread | previous in thread | raw e-mail
At 2:13 PM -0800 1/28/10, Chuck Swiger wrote: >Hi-- > >On Jan 28, 2010, at 1:56 PM, Garance A Drosihn wrote: > > >> Might want to make it something like $1.nnn.bbb$, so the admin can specify >> the number of bits as well as the number of rounds. And then pick some >> algorithm where those two values make sense. :-) > >As Antoine points out in the link mentioned: > >> The integration into existing systems is easy if those systems already >> support the MD5-based solution. Ever since the introduction of the >> MD5-based method an extended password format is in used: >> > > $<ID>$<SALT>$<PWD> >This seems to address the suggestion being made by Chris (and +1'ed >by others) in a fashion that is compatible with other >implementations.... Ah, yes, this seems like a fine idea. (so please ignore the message I sent about 45 seconds ago!) -- Garance Alistair Drosehn = gad@gilead.netel.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.eduhelp
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p0624080bc787bddcb8dd>