Porting OpenBSD eksblowfish to PAM (was Re: md5 default)
Ethan Benson <email@example.com> writes:
> > OpenBSD and FreeBSD, at least, already support Blowfish hashes for
> > passwd entries with "$2" as the password type, so this would be the
> > one to go with for something more secure.
> no kidding, try running john on the 3 different types, with old style
> crypt it can get around 64000 hashes per second, md5 is down to 1400,
> OpenBSD blowfish about 30. (on a 400ish Mhz machine)
> it even takes several minutes to break a hideously lame password
> hashed in blowfish compared to the near instant results under md5.
> you can also raise the number of rounds used under OpenBSD, by default
> root has a few more rounds then ordinary users which makes brute force
> attacks even slower still.
I have long pondered porting the OpenBSD eksblowfish
password hashing over to PAM, but have never had the
time. Any takers?
unix, linux, debian, networks, security, | First snow, then silence.
kernel, TCP/IP, C, perl, free software, | This thousand dollar screen dies
mail, www, sw devel, unix admin, hacks. | so beautifully.