On Thu, Apr 05, 2001 at 12:41:41PM -0700, Joey Hess wrote:
> Template: passwd/md5

Why hasn't SHA-1 been considered as a password hash algorithm? It's typically considered more secure than MD5 in crypto circles[1].

I'm not familiar with the typical implementations of MD5 passwords, but do they use some kind of salt[2]? If they don't, finding duplicate passwords among users (even on different systems!) is trivial. "god" will hash to a4757d7419ff3b48e92e90596f0e7548 for any user on any system unless some kind of salt is used. If you saw the same md5sum of two users' passwords it would be highly likely that they used the same password. That's a weakness that DES Unix passwords don't have since they use a salt[3].

[1] http://www.scramdisk.clara.net/pgpfaq.html#SubMD5Broke
[2] http://cp.waldo.net/mirror/#sec5
[3] http://www.svlug.org/prev/2000feb/img4.htm
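The duplicate-password problem described in the message above, as an added example that is not part of the original post or of the passwd package: a constructed three-user table is hashed once without a salt and once with a random per-user salt, and a grouping pass shows that the unsalted table leaks which users share a password while the salted table does not. SHA-256 plus a 16-byte salt is used here purely to keep the example self-contained; the user names, passwords and the "salt$digest" storage format are assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed sample data (not from the original message): three accounts,
# two of which chose the same password.
SAMPLE_USERS = {
    "alice": "god",
    "bob": "correct horse",
    "carol": "god",
}


def unsalted_md5(password: str) -> str:
    """Plain MD5 of the password.

    Identical passwords give identical digests, on this system and on every
    other one, which is exactly the weakness the message points out.
    """
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: bytes | None = None) -> str:
    """Hash the password together with a random per-user salt.

    The stored form is "<salt hex>$<digest hex>" so the salt can be recovered
    at verification time.  SHA-256 is used only to keep the example
    self-contained; a real deployment should use a purpose-built password
    KDF (bcrypt, scrypt, Argon2), which adds a work factor on top of salting.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.sha256(salt + password.encode("utf-8")).hexdigest()
    return f"{salt.hex()}${digest}"


def verify_salted(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, _ = stored.split("$", 1)
    candidate = salted_hash(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)


def find_duplicate_passwords(hash_table: dict[str, str]) -> list[set[str]]:
    """Group users whose stored hash values are identical.

    With unsalted hashes this reveals shared passwords without cracking a
    single one; with per-user salts every entry differs and no groups form.
    """
    by_hash: dict[str, set[str]] = {}
    for user, stored in hash_table.items():
        by_hash.setdefault(stored, set()).add(user)
    return [users for users in by_hash.values() if len(users) > 1]


def build_tables(users: dict[str, str] = SAMPLE_USERS):
    """Return (unsalted_table, salted_table) for the given user/password map."""
    unsalted = {u: unsalted_md5(p) for u, p in users.items()}
    salted = {u: salted_hash(p) for u, p in users.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_tables()
    print("unsalted duplicates:", find_duplicate_passwords(unsalted))
    print("salted duplicates:  ", find_duplicate_passwords(salted))
```

Because the salt is stored next to the digest, verification needs no secret beyond the password itself; the salt only guarantees that two users (or two systems) hashing the same password produce unrelated entries, so an attacker can no longer spot shared passwords by inspection or reuse one precomputed table against every account.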