Date: 15 Jun 1999 09:22:08 +0200 From: Dag-Erling Smorgrav <des@flood.ping.uio.no> To: Kris Kennaway <kkennawa@physics.adelaide.edu.au> Cc: Poul-Henning Kamp <phk@critter.freebsd.dk>, Warner Losh <imp@harmony.village.org>, Holtor <holtor@yahoo.com>, freebsd-security@FreeBSD.ORG Subject: Re: DES & MD5? Message-ID: <xzp7lp6exnj.fsf@flood.ping.uio.no> In-Reply-To: Kris Kennaway's message of "Tue, 15 Jun 1999 16:31:22 %2B0930 (CST)" References: <Pine.OSF.4.10.9906151628010.1783-100000@bragg>
next in thread | previous in thread | raw e-mail | index | archive | help
Kris Kennaway <kkennawa@physics.adelaide.edu.au> writes: > Warner's point, I believe, was that without using YP there's no easy way to > get at the encrypted passwords and thereby brute-force them. With YP (or > equivalently, some other bug/exploit which exposes the password file) then the > properties of your hash function does matter. Always assume the bad guys have your password files. DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzp7lp6exnj.fsf>