Re: md5 default (was Re: Security trough paranoia)

On Thu, Apr 05, 2001 at 12:41:41PM -0700, Joey Hess wrote:
> Template: passwd/md5

Why hasn't SHA-1 been considered as a password hash algorithm? It's
typically considered more secure than MD5 in crypto circles[1].

I'm not familiar with the typical implementations of MD5 passwords,
but do they use some kind of salt[2]? If they don't, finding duplicate
passwords among users (even on different systems!) is trivial. "god"
will hash to a4757d7419ff3b48e92e90596f0e7548 for any user on any system
unless some kind of salt is used. If you saw the same md5sum of two
users' passwords it would be highly likely that they used the same
password. That's a weakness that DES Unix passwords don't have since
they use a salt[3].

[1]. http://www.scramdisk.clara.net/pgpfaq.html#SubMD5Broke
[2]. http://cp.waldo.net/mirror/#sec5
[3]. http://www.svlug.org/prev/2000feb/img4.htm

Attachment: pgpyedBm_L9lO.pgp
Description: PGP signature
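Added example, not part of the original message and not code from Debian's passwd package: a small Python comparison of unsalted and salted MD5 password records, showing why two users with the same password are detectable from their stored hashes without a salt and not with one. The record format ("md5$<salt hex>$<digest>"), the salt size and the sample user list are constructed assumptions for illustration; the real md5crypt "$1$" format interleaves the salt and iterates the hash, and MD5 itself is no longer an acceptable password hash (use a deliberately slow, salted scheme such as bcrypt, scrypt or Argon2).

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Constructed sample: two users chose the same password.
SAMPLE_USERS = {
    "alice": "god",
    "bob": "god",
    "carol": "letmein",
}


def unsalted_md5(password: str) -> str:
    """Plain MD5 of the password: equal passwords give equal digests,
    on this system and on every other system using the same scheme."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def salted_md5(password: str, salt: Optional[bytes] = None) -> str:
    """Toy salted record 'md5$<salt hex>$<md5(salt || password)>'.
    The format is an assumption for this example, not the md5crypt
    '$1$' format. A fresh random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(8)  # assumed salt size; any per-user random value works
    digest = hashlib.md5(salt + password.encode("utf-8")).hexdigest()
    return "md5$%s$%s" % (salt.hex(), digest)


def verify_salted(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    scheme, salt_hex, digest = record.split("$")
    if scheme != "md5":
        return False
    recomputed = hashlib.md5(bytes.fromhex(salt_hex) + password.encode("utf-8")).hexdigest()
    return hmac.compare_digest(recomputed, digest)


def find_shared(records: Dict[str, str]) -> Dict[str, List[str]]:
    """Group users by identical stored value; return only groups of size > 1.
    For unsalted records this reveals who shares a password."""
    by_value: Dict[str, List[str]] = {}
    for user, value in records.items():
        by_value.setdefault(value, []).append(user)
    return {v: sorted(users) for v, users in by_value.items() if len(users) > 1}


def demo() -> dict:
    """Run both schemes over SAMPLE_USERS and report what an observer sees."""
    unsalted = {u: unsalted_md5(p) for u, p in SAMPLE_USERS.items()}
    salted = {u: salted_md5(p) for u, p in SAMPLE_USERS.items()}
    return {
        "shared_unsalted": find_shared(unsalted),   # alice and bob are exposed
        "shared_salted": find_shared(salted),       # nothing to see
        "verify_ok": verify_salted("god", salted["alice"]),
        "verify_bad": verify_salted("dog", salted["alice"]),
    }


if __name__ == "__main__":
    print("md5('god') =", unsalted_md5("god"))
    for key, value in demo().items():
        print(key, "=", value)
```

The unsalted table has one duplicate digest, which immediately tells an observer that alice and bob share a password; the salted table has none, even though the passwords are identical, and verification still works because the salt is stored alongside the digest.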