Date: Fri, 29 May 1998 13:04:56 -0700 (PDT) From: Steve Reid <sreid@alpha.sea-to-sky.net> To: Open Systems Networking <opsys@mail.webspan.net> Cc: Cory Kempf <ckempf@enigami.com>, freebsd-security@FreeBSD.ORG Subject: Re: MD5 v. DES? Message-ID: <Pine.LNX.3.95.iB1.0.980529124539.9369A-100000@alpha.sea-to-sky.net> In-Reply-To: <Pine.BSF.3.95.980529124005.10794B-100000@orion.webspan.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> > Is there a discussion somewhere about the merits of MD5 v. DES? > > E.g. what advantages one has over the other? > > If I recall from past memories MD5 i believe is faster. The MD5 password hashing scheme in FreeBSD is slower than the traditional DES hashing. Both schemes, when they were designed, were deliberately made slow to make programs like "crack" slower. DES was extended to 25 rounds instead of the usual 16, and MD5 runs hundreds(?) of iterations of the hash function. The DES scheme was designed for a time when processors were not as fast as they are now, and so "crack" is very efficient when attacking DES-based password files. The MD5-based crypt is much slower, so "crack" takes considerably longer to run. Using MD5 instead of DES will use more of your CPU cycles, but the crackers feel it _much_ more because they have to run crypt constantly until the crack run is completed, instead of just running a crypt once at login. MD5 also has the benefit of being exportable, whereas DES is subject to restrictions in many countries because it was designed for encryption. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.95.iB1.0.980529124539.9369A-100000>