[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Porting OpenBSD eksblowfish to PAM (was Re: md5 default)

On 7 Apr 2001, Tommi Virtanen wrote:

> Ethan Benson <erbenson@alaska.net> writes:

> > > OpenBSD and FreeBSD, at least, already support Blowfish hashes for
> > > passwd entries with "$2" as the password type, so this would be the
> > > one to go with for something more secure.
> > no kidding, try running john on the 3 different types, with old style
> > crypt it can get around 64000 hashes per second, md5 is down to 1400,
> > OpenBSD blowfish about 30.  (on a 400ish Mhz machine)

> > it even takes several minutes to break a hideously lame password
> > hashed in blowfish compared to the near instant results under md5.

> > you can also raise the number of rounds used under OpenBSD, by default
> > root has a few more rounds then ordinary users which makes brute force
> > attacks even slower still.

> 	I have long pondered porting the OpenBSD eksblowfish
>         password hashing over to PAM, but have never had the
>         time. Any takers?

Patches to pam_unix that did this would no doubt be welcomed by the upstream.
:)  Both glibc and pam_unix have support for md5 passwords; does glibc also
have support for SHA-1 or Blowfish now?

Steve Langasek
postmodern programmer

Reply to: