Date:      Fri, 8 Jun 2012 17:47:08 +0100
From:      RW <rwmaillists@googlemail.com>
To:        freebsd-security@freebsd.org
Subject:   Re: Default password hash
Message-ID:  <20120608174708.65bc90db@gumby.homeunix.com>
In-Reply-To: <86r4tqotjo.fsf@ds4.des.no>
References:  <86r4tqotjo.fsf@ds4.des.no>

On Fri, 08 Jun 2012 14:51:55 +0200
Dag-Erling Smørgrav wrote:

> We still have MD5 as our default password hash, even though known-hash
> attacks against MD5 are relatively easy these days.

Are any of those attacks relevant to salted passwords even with a
single MD5 hash, let alone FreeBSD's complicated iterative algorithm?

> We've supported SHA256 and SHA512 for many years now, so how about
> making SHA512 the default instead of MD5, like on most Linux
> distributions?

I think the most important consideration is which is most resistant to
brute force dictionary attack with GPUs. From a quick look at the code
SHA512 looks to have 5000 rounds compared to MD5's 1000, but it's not
so easy to compare with Blowfish.


