Porting OpenBSD eksblowfish to PAM (was Re: md5 default)
Ethan Benson <erbenson@alaska.net> writes:
> > OpenBSD and FreeBSD, at least, already support Blowfish hashes for
> > passwd entries with "$2" as the password type, so this would be the
> > one to go with for something more secure.
> no kidding, try running john on the 3 different types, with old style
> crypt it can get around 64000 hashes per second, md5 is down to 1400,
> OpenBSD blowfish about 30. (on a 400ish Mhz machine)
>
> it even takes several minutes to break a hideously lame password
> hashed in blowfish compared to the near instant results under md5.
>
> you can also raise the number of rounds used under OpenBSD, by default
> root has a few more rounds then ordinary users which makes brute force
> attacks even slower still.
I have long pondered porting the OpenBSD eksblowfish
password hashing over to PAM, but have never had the
time. Any takers?
http://citeseer.nj.nec.com/provos99futureadaptable.html
http://www.usenix.org/events/usenix99/provos.html
--
tv@{{hq.yok.utu,havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
unix, linux, debian, networks, security, | First snow, then silence.
kernel, TCP/IP, C, perl, free software, | This thousand dollar screen dies
mail, www, sw devel, unix admin, hacks. | so beautifully.
Reply to: