Date: Tue, 15 Jun 1999 13:50:03 -0700
From: Gregory Sutter <gsutter@pobox.com>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: Warner Losh <imp@harmony.village.org>, Holtor <holtor@yahoo.com>, freebsd-security@FreeBSD.ORG
Subject: Re: DES & MD5?
Message-ID: <19990615135003.U37775@001101.zer0.org>
In-Reply-To: <5182.929429344@critter.freebsd.dk>; from Poul-Henning Kamp on Tue, Jun 15, 1999 at 08:49:04AM +0200
References: <199906150643.AAA90605@harmony.village.org> <5182.929429344@critter.freebsd.dk>

On Tue, Jun 15, 1999 at 08:49:04AM +0200, Poul-Henning Kamp wrote:
>
> Uhm, sorry Warner, but that is not true. A brute force attack on
> MD5 is many orders of magnitude slower than on DES.

At USENIX, Niels Provos and David Mazieres presented a paper entitled "A Future-Adaptable Password Scheme", in which they described two algorithms with adaptable cost, including a block cipher _eksblowfish_ and _bcrypt_, a related hash function.

In the paper, they have a comparison graph of traditional/bitsliced DES, MD5, and bcrypt (Figure 5). In summary, the graph shows bcrypt to be over 10^1 times slower than MD5 and many orders of magnitude slower than DES. MD5 is itself many orders of magnitude slower than DES, but has a fixed cost.

FTR, bcrypt supports a variable number of rounds so that it will be adaptable and secure as hardware speeds increase. I left the presentation very impressed with the work.

Greg
--
Gregory S. Sutter
If ignorance is bliss, you must be orgasmic.
mailto:gsutter@pobox.com
http://www.pobox.com/~gsutter/
PGP DSS public key 0x40AE3052

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
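
Added example, not part of the original message or of the paper it cites: a sketch of how an adaptable-cost password record lets a site raise the work factor over time without resetting passwords. PBKDF2-HMAC-SHA256 from Python's standard library stands in for bcrypt here (bcrypt is not in the standard library); the record format, the function names and CURRENT_COST are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import os

# Assumed policy value for this sketch; raise it as hardware gets faster.
CURRENT_COST = 12  # log2 of the iteration count, in the style of bcrypt's cost


def hash_password(password: str, cost: int = CURRENT_COST, salt: bytes = None) -> str:
    """Return 'pbkdf2-sha256$<cost>$<salt>$<digest>' using 2**cost iterations."""
    if not 4 <= cost <= 24:
        raise ValueError("cost out of range")
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1 << cost)
    return "pbkdf2-sha256${}${}${}".format(
        cost, base64.b64encode(salt).decode(), base64.b64encode(digest).decode())


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the cost and salt carried in the record itself."""
    try:
        scheme, cost, salt, _digest = stored.split("$")
        if scheme != "pbkdf2-sha256":
            return False
        candidate = hash_password(password, int(cost), base64.b64decode(salt))
    except ValueError:  # malformed record, bad base64 or cost out of range
        return False
    return hmac.compare_digest(candidate.encode(), stored.encode())


def needs_rehash(stored: str, target_cost: int = CURRENT_COST) -> bool:
    """True when the record was created with a lower cost than today's policy."""
    return int(stored.split("$")[1]) < target_cost


def login(password: str, stored: str, target_cost: int = CURRENT_COST):
    """Return (ok, record); an outdated record is re-hashed at target_cost."""
    if not verify_password(password, stored):
        return False, stored
    if needs_rehash(stored, target_cost):
        # The plaintext is only available at login, so upgrade the record here.
        stored = hash_password(password, target_cost)
    return True, stored


if __name__ == "__main__":
    old = hash_password("correct horse", cost=8)  # constructed sample record
    print(login("correct horse", old, target_cost=10))
```

Because the cost is stored in each record, old and new records verify side by side, which a fixed-cost hash cannot offer.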