
Re: Porting OpenBSD eksblowfish to PAM (was Re: md5 default)



On 7 Apr 2001, Tommi Virtanen wrote:

> Ethan Benson <erbenson@alaska.net> writes:

> > > OpenBSD and FreeBSD, at least, already support Blowfish hashes for
> > > passwd entries with "$2" as the password type, so this would be the
> > > one to go with for something more secure.
> > no kidding, try running john on the 3 different types, with old style
> > crypt it can get around 64000 hashes per second, md5 is down to 1400,
> > OpenBSD blowfish about 30.  (on a 400ish MHz machine)

> > it even takes several minutes to break a hideously lame password
> > hashed in blowfish compared to the near instant results under md5.

> > you can also raise the number of rounds used under OpenBSD, by default
> > root has a few more rounds than ordinary users which makes brute force
> > attacks even slower still.

> I have long pondered porting the OpenBSD eksblowfish
> password hashing over to PAM, but have never had the
> time. Any takers?

Patches to pam_unix that did this would no doubt be welcomed by the upstream.
:)  Both glibc and pam_unix have support for md5 passwords; does glibc also
have support for SHA-1 or Blowfish now?

Steve Langasek
postmodern programmer
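
Added example, not part of the original message and not code from pam_unix or OpenBSD: a small audit of passwd-style entries that tells the three hash types discussed in this thread apart by their prefix and reads the round count (cost) out of "$2" Blowfish entries. The sample entries are constructed, and the `min_cost` policy value and the accepted minor-version letters are assumptions.

```python
import re

# Blowfish (bcrypt) field layout: $2<minor>$<2-digit cost>$<22-char salt + 31-char digest>
BCRYPT = re.compile(r"^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$")
# md5-crypt: $1$<salt up to 8 chars>$<22-char digest>
MD5 = re.compile(r"^\$1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}$")
# Old-style DES crypt: 2-char salt + 11-char digest, no prefix
DES = re.compile(r"^[./A-Za-z0-9]{13}$")


def classify(field):
    """Return (scheme, cost) for one hash field; cost is None unless Blowfish."""
    m = BCRYPT.match(field)
    if m:
        return "blowfish", int(m.group(1))
    if MD5.match(field):
        return "md5", None
    if DES.match(field):
        return "des", None
    return "other", None  # locked accounts, empty fields, schemes not covered here


def audit(lines, min_cost=8):
    """List (user, finding) for entries weaker than Blowfish at min_cost.

    min_cost is an assumed policy value, not a figure from the thread.
    """
    findings = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        user, field = line.split(":")[:2]
        scheme, cost = classify(field)
        if scheme in ("des", "md5"):
            findings.append((user, f"{scheme}: fixed work factor, cannot be raised"))
        elif scheme == "blowfish" and cost < min_cost:
            findings.append((user, f"blowfish cost {cost} (2^{cost} rounds) < {min_cost}"))
    return findings


# Constructed sample entries; the digests are filler, not real hashes.
SAMPLE = [
    "root:$2a$08$" + "x" * 53 + ":0:0::/root:/bin/sh",
    "alice:ab" + "c" * 11 + ":1000:1000::/home/alice:/bin/sh",
    "bob:$1$saltsalt$" + "h" * 22 + ":1001:1001::/home/bob:/bin/sh",
    "carol:$2a$06$" + "y" * 53 + ":1002:1002::/home/carol:/bin/sh",
    "dave:*:1003:1003::/home/dave:/bin/sh",
]

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user}: {finding}")
```
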


