From owner-freebsd-security@FreeBSD.ORG Sat Jun 9 16:41:14 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BC23B1065670 for ; Sat, 9 Jun 2012 16:41:14 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-wg0-f50.google.com (mail-wg0-f50.google.com [74.125.82.50]) by mx1.freebsd.org (Postfix) with ESMTP id 472A88FC17 for ; Sat, 9 Jun 2012 16:41:13 +0000 (UTC) Received: by wgbds11 with SMTP id ds11so1842849wgb.31 for ; Sat, 09 Jun 2012 09:41:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; bh=OY7nLRh8jXBaqae4inCRNYH9MplrkBCitdr2Ht6QFic=; b=GFmUE/n3DbpJQx7Ylk2itT7e3vxoNZCWttVAvS3Yap059H/a2dhCy5j+1c8aQcDp6X C2S+Yn3QGxovPBTt7WplJ05FfeTTK3raGrIlXXubUglJDcaf98eDqtqpHXF4IhcKlXBG Vdd+f2K65DeT4KsFtSIcUIXLM/eqq9H1xPFbGJn95UO0Q8qieekJlJZi8fa92oT/5JWQ BvIAz0J7NFbhA95IZWhjcJUKujlRzhnsG/Z/H113227evgdR7MQpTN0lhkO6ixd+ARIi h6xnSx1gtyBXG3H4SbOpI22qfm2hWJbuLEk7wwL1EYt/GjlVWOdZLpStLtL4XyJKC4q+ 6tqg== Received: by 10.180.80.37 with SMTP id o5mr8727560wix.12.1339260073026; Sat, 09 Jun 2012 09:41:13 -0700 (PDT) Received: from gumby.homeunix.com (87-194-105-247.bethere.co.uk. [87.194.105.247]) by mx.google.com with ESMTPS id gv7sm10363994wib.4.2012.06.09.09.41.11 (version=SSLv3 cipher=OTHER); Sat, 09 Jun 2012 09:41:11 -0700 (PDT) Date: Sat, 9 Jun 2012 17:41:09 +0100 From: RW To: freebsd-security@freebsd.org Message-ID: <20120609174109.1e100b64@gumby.homeunix.com> In-Reply-To: <4FD334BE.4020900@sentex.net> References: <86r4tqotjo.fsf@ds4.des.no> <4FD334BE.4020900@sentex.net> X-Mailer: Claws Mail 3.8.0 (GTK+ 2.24.6; amd64-portbld-freebsd8.3) Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2012 16:41:14 -0000 On Sat, 09 Jun 2012 07:34:22 -0400 Mike Tancsa wrote: > On 6/8/2012 8:51 AM, Dag-Erling Sm=F8rgrav wrote: > > We still have MD5 as our default password hash, even though > > known-hash attacks against MD5 are relatively easy these days. > > We've supported SHA256 and SHA512 for many years now, so how about > > making SHA512 the default instead of MD5, like on most Linux > > distributions? >=20 > Actually, any chance of MFC'ing SHA256 and 512 in RELENG_7 ? Its > currently not there. >=20 > RELENG_7 is supported until 2013 >=20 > Sort of a security issue=20 Lets not forget that this is an attack against insecure passwords performed after an attacker has already gained root or physical access. > considering this assessment of MD5 >=20 > http://phk.freebsd.dk/sagas/md5crypt_eol.html In the context of that all the existing algorithms are pretty insecure. The people that are doing this are brute forcing passwords; the cryptographic merits of the underlying hash are immaterial, except in as far as they slow things down.=20 I would estimate that md5crypt vs sha512crypt is roughly: 2.5 * (5000rounds/1000rounds) * (512bits/128bits) =3D 50 to put that in context, going from simple md5 to md5crypt is factor of ~1024. 50 is equivalent to less than 6bits of password entropy. In some cases it may make little difference to the percentage of passwords cracked. =20