Date: Sat, 9 Jun 2012 17:41:09 +0100
From: RW <rwmaillists@googlemail.com>
To: freebsd-security@freebsd.org
Subject: Re: Default password hash
Message-ID: <20120609174109.1e100b64@gumby.homeunix.com>
In-Reply-To: <4FD334BE.4020900@sentex.net>
References: <86r4tqotjo.fsf@ds4.des.no> <4FD334BE.4020900@sentex.net>

On Sat, 09 Jun 2012 07:34:22 -0400 Mike Tancsa wrote:

> On 6/8/2012 8:51 AM, Dag-Erling Smørgrav wrote:
> > We still have MD5 as our default password hash, even though
> > known-hash attacks against MD5 are relatively easy these days.
> > We've supported SHA256 and SHA512 for many years now, so how about
> > making SHA512 the default instead of MD5, like on most Linux
> > distributions?
>
> Actually, any chance of MFC'ing SHA256 and 512 in RELENG_7? It's
> currently not there.
>
> RELENG_7 is supported until 2013
>
> Sort of a security issue

Let's not forget that this is an attack against insecure passwords
performed after an attacker has already gained root or physical access.

> considering this assessment of MD5
>
> http://phk.freebsd.dk/sagas/md5crypt_eol.html

In the context of that, all the existing algorithms are pretty insecure.
The people that are doing this are brute forcing passwords; the
cryptographic merits of the underlying hash are immaterial, except in as
far as they slow things down.

I would estimate that md5crypt vs sha512crypt is roughly:

    2.5 * (5000rounds/1000rounds) * (512bits/128bits) = 50

To put that in context, going from simple md5 to md5crypt is a factor of
~1024. 50 is equivalent to less than 6 bits of password entropy. In some
cases it may make little difference to the percentage of passwords
cracked.
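An added illustration, not part of RW's message: it turns the message's slowdown estimate into equivalent bits of password entropy and shows when that slowdown does or does not change the share of passwords an exhaustive search reaches. The two entropy populations, the guess budget and the "cracked once the full 2^bits space fits the budget" model are constructed assumptions, not measured data.

```python
import math

def slowdown_factor(per_round_cost, rounds_new, rounds_old, bits_new, bits_old):
    """The message's rough estimate of how much slower one guess becomes."""
    return per_round_cost * (rounds_new / rounds_old) * (bits_new / bits_old)

def entropy_equivalent_bits(factor):
    """A slowdown of `factor` costs the attacker as much as log2(factor) extra bits."""
    return math.log2(factor)

def cracked_fraction(entropy_bits, guess_budget):
    """Fraction of passwords whose whole search space (2**bits) fits in the budget."""
    reachable = math.log2(guess_budget)
    return sum(1 for h in entropy_bits if h <= reachable) / len(entropy_bits)

# Figures from the message: 2.5 * (5000/1000) * (512/128)
FACTOR = slowdown_factor(2.5, 5000, 1000, 512, 128)

# Constructed populations (bits of entropy per password), not measured data.
CLUSTERED = [20, 22, 24, 26, 28, 60, 64, 70, 72, 80]  # weak or strong, nothing between
SPREAD = [30, 32, 34, 36, 38, 40, 42, 44, 46, 48]     # evenly spread near the budget

BUDGET = 2 ** 40  # assumed number of md5crypt guesses the attacker can afford

def compare(population, budget=BUDGET, factor=FACTOR):
    """Cracked fraction with the faster hash vs. the slower one, same attacker effort."""
    return (cracked_fraction(population, budget),
            cracked_fraction(population, budget / factor))

if __name__ == "__main__":
    print(f"factor {FACTOR:.0f} = {entropy_equivalent_bits(FACTOR):.2f} bits")
    for name, pop in (("clustered", CLUSTERED), ("spread", SPREAD)):
        fast, slow = compare(pop)
        print(f"{name}: {fast:.0%} cracked at full speed, {slow:.0%} when {FACTOR:.0f}x slower")
```

The slower hash only helps passwords whose entropy falls inside the roughly 5.6-bit band just below the attacker's reach; in the clustered population nothing sits in that band, so the cracked share does not move.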
