Date: Sat, 9 Jun 2012 17:41:09 +0100 From: RW <rwmaillists@googlemail.com> To: freebsd-security@freebsd.org Subject: Re: Default password hash Message-ID: <20120609174109.1e100b64@gumby.homeunix.com> In-Reply-To: <4FD334BE.4020900@sentex.net> References: <86r4tqotjo.fsf@ds4.des.no> <4FD334BE.4020900@sentex.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 09 Jun 2012 07:34:22 -0400 Mike Tancsa wrote: > On 6/8/2012 8:51 AM, Dag-Erling Sm=F8rgrav wrote: > > We still have MD5 as our default password hash, even though > > known-hash attacks against MD5 are relatively easy these days. > > We've supported SHA256 and SHA512 for many years now, so how about > > making SHA512 the default instead of MD5, like on most Linux > > distributions? >=20 > Actually, any chance of MFC'ing SHA256 and 512 in RELENG_7 ? Its > currently not there. >=20 > RELENG_7 is supported until 2013 >=20 > Sort of a security issue=20 Lets not forget that this is an attack against insecure passwords performed after an attacker has already gained root or physical access. > considering this assessment of MD5 >=20 > http://phk.freebsd.dk/sagas/md5crypt_eol.html In the context of that all the existing algorithms are pretty insecure. The people that are doing this are brute forcing passwords; the cryptographic merits of the underlying hash are immaterial, except in as far as they slow things down.=20 I would estimate that md5crypt vs sha512crypt is roughly: 2.5 * (5000rounds/1000rounds) * (512bits/128bits) =3D 50 to put that in context, going from simple md5 to md5crypt is factor of ~1024. 50 is equivalent to less than 6bits of password entropy. In some cases it may make little difference to the percentage of passwords cracked. =20
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120609174109.1e100b64>