From owner-freebsd-security@FreeBSD.ORG Thu Jan 28 22:20:34 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2F8CD1065676 for ; Thu, 28 Jan 2010 22:20:34 +0000 (UTC) (envelope-from drosih@rpi.edu) Received: from smtp6.server.rpi.edu (smtp6.server.rpi.edu [128.113.2.226]) by mx1.freebsd.org (Postfix) with ESMTP id CEE938FC23 for ; Thu, 28 Jan 2010 22:20:33 +0000 (UTC) Received: from [128.113.24.47] (gilead.netel.rpi.edu [128.113.24.47]) by smtp6.server.rpi.edu (8.13.1/8.13.1) with ESMTP id o0SMKUv7028779; Thu, 28 Jan 2010 17:20:31 -0500 Mime-Version: 1.0 Message-Id: In-Reply-To: <75297887-C475-451D-B4A1-CB9D3A5BD2CA@mac.com> References: <20100128182413.GI892@noncombatant.org> <20100128135410.7b6fe154.wmoran@collaborativefusion.com> <20100128193941.GK892@noncombatant.org> <20100128151026.5738b6c1.wmoran@collaborativefusion.com> <20100128201857.GP892@noncombatant.org> <4B61FCFF.6040207@delphij.net> <75297887-C475-451D-B4A1-CB9D3A5BD2CA@mac.com> Date: Thu, 28 Jan 2010 17:20:29 -0500 To: Chuck Swiger From: Garance A Drosihn Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Bayes-Prob: 0.0001 (Score 0) X-RPI-SA-Score: 0.00 () [Hold at 20.00] 22490(-25) X-CanItPRO-Stream: outgoing X-Canit-Stats-ID: Bayes signature not available X-Scanned-By: CanIt (www . roaringpenguin . com) on 128.113.2.226 Cc: freebsd-security@freebsd.org Subject: Re: PHK's MD5 might not be slow enough anymore X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Jan 2010 22:20:34 -0000 At 2:13 PM -0800 1/28/10, Chuck Swiger wrote: >Hi-- > >On Jan 28, 2010, at 1:56 PM, Garance A Drosihn wrote: > > >> Might want to make it something like $1.nnn.bbb$, so the admin can specify >> the number of bits as well as the number of rounds. And then pick some >> algorithm where those two values make sense. :-) > >As Antoine points out in the link mentioned: > >> The integration into existing systems is easy if those systems already >> support the MD5-based solution. Ever since the introduction of the >> MD5-based method an extended password format is in used: >> > > $$$ >This seems to address the suggestion being made by Chris (and +1'ed >by others) in a fashion that is compatible with other >implementations.... Ah, yes, this seems like a fine idea. (so please ignore the message I sent about 45 seconds ago!) -- Garance Alistair Drosehn = gad@gilead.netel.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu