Date:      Sun, 16 Jul 2000 12:49:04 -0700
From:      "Crist J. Clark" <cristjc@earthlink.net>
To:        "O. Hartmann" <ohartman@ipamzlx.physik.uni-mainz.de>
Cc:        questions@FreeBSD.ORG
Subject:   Re: DES or Standard CRYPT?
Message-ID:  <20000716124904.A257@dialin-client.earthlink.net>
In-Reply-To: <Pine.BSF.4.10.10007161421030.393-100000@ipamzlx.physik.uni-mainz.de>; from ohartman@ipamzlx.physik.uni-mainz.de on Sun, Jul 16, 2000 at 02:25:24PM +0200
References:  <Pine.BSF.4.10.10007161421030.393-100000@ipamzlx.physik.uni-mainz.de>

On Sun, Jul 16, 2000 at 02:25:24PM +0200, O. Hartmann wrote:
> FreeBSD 4.0 comes with two different ways of encrypting passwords, either
> MD5 or DES. I figured out that using DES limits the password length up to
> 8 characters, while MD5 allows a maximum of 128 characters. The question
> I ask is: what kind of encryption service/lib should we use to have
> a secure system? Is MD5 hash sufficient or should we use DES? When linking
> libcrypt -> libdes, what is involved by this link? Only UNIX password
> encryption or other facilities?

For either DES or MD5 passwords, the standard method to crack
passwords will be a dictionary attack. For just about everyone but
NSA, cryptographic attacks are not feasible. For this reason, if
your users choose "good" passwords, MD5 will be more secure since the
difficulty of a dictionary attack increases exponentially with the
length of the password. Of course, if your users pick weak passwords,
either can be cracked.

> Is X11 hard-coded limited to use login (which reflects the used lib by
> limiting the length of the password, also) or is it possible to configure
> X11 login to use something else?

Are you talking about xdm(1) here? xdm does not use login(1). It uses
a 'xlogin' widget built into itself. However, xdm uses libcrypt, so it
will be using the same algorithm. That would seem to make a lot of
sense since xdm is using the same password file.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
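
An added example, not part of the original message or of FreeBSD's own code: a small audit that reports which accounts in master.passwd-style entries still carry traditional DES hashes, where only the first 8 characters of the password count, and which carry MD5 hashes. The function names and sample entries are constructed for illustration; the `$1$` prefix and the 13-character DES shape are the usual crypt(3) encodings and are assumed here, since the thread does not spell them out.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# MD5 crypt: $1$<salt of up to 8 chars>$<22 hash chars>.
MD5_RE = re.compile(r"^\$1\$[^$:]{1,8}\$[./0-9A-Za-z]{22}$")
DES_MAX_LEN = 8  # DES crypt ignores everything past the 8th character


def classify_hash(field):
    """Name the scheme behind one password field."""
    if field == "":
        return "empty"
    if field.startswith("*"):
        return "disabled"
    if MD5_RE.match(field):
        return "md5"
    if DES_RE.match(field):
        return "des"
    return "unknown"


def effective_password(password, scheme):
    """Return the part of the password that actually influences the hash."""
    return password[:DES_MAX_LEN] if scheme == "des" else password


def audit(lines):
    """Map each account name to its scheme, skipping comments and bad lines."""
    report = {}
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        report[parts[0]] = classify_hash(parts[1])
    return report


# Constructed entries in master.passwd layout; the hash strings only have the
# right shape and are not real password hashes.
SAMPLE = [
    "# constructed example",
    "alice:$1$Ab3dEf9h$0123456789abcdefghijkl:1001:1001::0:0:Alice:/home/alice:/bin/sh",
    "bob:ab0123456789A:1002:1002::0:0:Bob:/home/bob:/bin/sh",
    "daemon:*:1:1::0:0:System account:/root:/sbin/nologin",
]

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE).items():
        note = " (only the first 8 characters count)" if scheme == "des" else ""
        print(f"{user}: {scheme}{note}")
```

Under DES, two long passwords that share their first 8 characters reduce to the same effective password, so extra length adds nothing to the cost of a dictionary attack; under MD5 the full string is hashed.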

