[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: md5 default (was Re: Security trough paranoia)

On Fri, Apr 06, 2001 at 11:42:43PM -0800, Ethan Benson wrote:
> On Sat, Apr 07, 2001 at 04:52:18PM +1200, Carey Evans wrote:
> > OpenBSD and FreeBSD, at least, already support Blowfish hashes for
> > passwd entries with "$2" as the password type, so this would be the
> > one to go with for something more secure.
> no kidding, try running john on the 3 different types, with old style
> crypt it can get around 64000 hashes per second, md5 is down to 1400,
> OpenBSD blowfish about 30.  (on a 400ish Mhz machine)
> it even takes several minutes to break a hideously lame password
> hashed in blowfish compared to the near instant results under md5.

That was one of the design decisions for Blowfish: The very slow key
setup phase makes brute force attacks difficult, but once the tables
are set up, en/decryption is fast.

Still, IMHO it is a bad decision to use a block cipher as a hash
function - something it was not designed for. You can always get the
same effect with any hash function by not storing part of the salt. 

Personally, I'd also prefer SHA/1, but at the end of the day it
doesn't really matter, because the weakest link is not the algorithm,
but lusers choosing poor passwords...



  __   _
  |_) /|  Richard Atterer     |  CS student at the Technische  |  GnuPG key:
  | \/¯|  http://atterer.net  |  Universität München, Germany  |  0x888354F7
  ¯ ´` ¯

Attachment: pgpuWddIX9FRw.pgp
Description: PGP signature

Reply to: