Date: Fri, 8 Jun 2012 19:28:57 +0200 From: Ruud Althuizen <ruud@stack.nl> To: RW <rwmaillists@googlemail.com> Cc: freebsd-security@freebsd.org Subject: Re: Default password hash Message-ID: <20120608172857.GE2410@stack.nl> In-Reply-To: <20120608174708.65bc90db@gumby.homeunix.com> References: <86r4tqotjo.fsf@ds4.des.no> <20120608174708.65bc90db@gumby.homeunix.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Fri 08 Jun 2012 05:47 PM, RW wrote: > On Fri, 08 Jun 2012 14:51:55 +0200 > Dag-Erling Smørgrav wrote: > > > We still have MD5 as our default password hash, even though known-hash > > attacks against MD5 are relatively easy these days. > > Are any of those attacks relevant to salted passwords even with a > single MD5 hash, let alone FreeBSD's complicated iterative algorithm? Complication isn't your friend when considering cryptography. -- With kind regards, Ruud Althuizen [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (FreeBSD) iEYEARECAAYFAk/SNlkACgkQkqncCMFskRU+NgCfXMQOI9o3edJJDVEeqQQB3qQT OJsAoIMswOLjYAWVS5XKEs2Sci5iB7AJ =fysR -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120608172857.GE2410>