
Porting OpenBSD eksblowfish to PAM (was Re: md5 default)



Ethan Benson <erbenson@alaska.net> writes:

> > OpenBSD and FreeBSD, at least, already support Blowfish hashes for
> > passwd entries with "$2" as the password type, so this would be the
> > one to go with for something more secure.
> no kidding, try running john on the 3 different types, with old style
> crypt it can get around 64000 hashes per second, md5 is down to 1400,
> OpenBSD blowfish about 30.  (on a 400ish MHz machine)
> 
> it even takes several minutes to break a hideously lame password
> hashed in blowfish compared to the near instant results under md5.  
> 
> you can also raise the number of rounds used under OpenBSD, by default
> root has a few more rounds than ordinary users which makes brute force
> attacks even slower still.  

	I have long pondered porting the OpenBSD eksblowfish
        password hashing over to PAM, but have never had the
        time. Any takers?

        http://citeseer.nj.nec.com/provos99futureadaptable.html
        http://www.usenix.org/events/usenix99/provos.html

-- 
tv@{{hq.yok.utu,havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
unix, linux, debian, networks, security, | First snow, then silence.
kernel, TCP/IP, C, perl, free software,  | This thousand dollar screen dies
mail, www, sw devel, unix admin, hacks.  | so beautifully.
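
An added example, not part of the original thread: a small audit that classifies the password field of shadow-style entries by crypt scheme (traditional DES, "$1$" MD5, "$2" Blowfish) and reads the Blowfish cost, using the hash rates quoted above for comparison. The function names, the `min_cost=6` policy and the sample entries are assumptions constructed for illustration; the sample hashes are filler, not real digests.

```python
import re

# Guess rates quoted in the thread (john on a ~400 MHz machine), hashes/second.
RATES = {"des": 64000, "md5": 1400, "bcrypt": 30}

B64 = r"[./0-9A-Za-z]"
PATTERNS = [
    # $2$, $2a$ ... then a two-digit cost, then 22 salt + 31 hash characters
    ("bcrypt", re.compile(rf"^\$2[abxy]?\$(\d\d)\${B64}{{53}}$")),
    ("md5", re.compile(rf"^\$1\$[^$]{{1,8}}\${B64}{{22}}$")),
    ("des", re.compile(rf"^{B64}{{13}}$")),
]

def classify(field):
    """Return (scheme, cost) for one password field; cost only for bcrypt."""
    if field in ("", "*", "x") or field.startswith("!"):
        return ("no-hash", None)
    for scheme, pat in PATTERNS:
        m = pat.match(field)
        if m:
            return (scheme, int(m.group(1)) if scheme == "bcrypt" else None)
    return ("unknown", None)  # malformed or a scheme not covered here

def audit(shadow_text, min_cost=6):  # min_cost is an assumed local policy
    """Return a list of (user, scheme, cost, finding) tuples."""
    results = []
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, field = line.split(":")[:2]
        scheme, cost = classify(field)
        if scheme in ("des", "md5"):
            ratio = RATES[scheme] // RATES["bcrypt"]
            finding = f"weak: ~{ratio}x faster to guess than bcrypt"
        elif scheme == "bcrypt" and cost < min_cost:
            finding = f"bcrypt cost {cost} below policy {min_cost}"
        elif scheme == "bcrypt":
            # the cost is log2 of the number of expensive key-setup rounds
            finding = f"ok: 2^{cost} = {2 ** cost} key-setup iterations"
        else:
            finding = scheme
        results.append((user, scheme, cost, finding))
    return results

# Constructed sample input: filler characters stand in for salt and digest.
SAMPLE = "\n".join([
    "root:$2a$08$" + "A" * 53 + ":11000:0:99999:7:::",
    "alice:$1$saltsalt$" + "B" * 22 + ":11000:0:99999:7:::",
    "bob:ab" + "C" * 11 + ":11000:0:99999:7:::",
    "carol:$2a$04$" + "D" * 53 + ":11000:0:99999:7:::",
    "daemon:*:11000:0:99999:7:::",
])
```

Calling `audit(SAMPLE)` returns one tuple per account; the DES and MD5 entries are flagged as weak and the cost-4 Blowfish entry falls below the assumed policy.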


