From owner-freebsd-security Thu Jun 20 8: 1:35 2002 Delivered-To: freebsd-security@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id AA43237B43A for ; Thu, 20 Jun 2002 08:00:27 -0700 (PDT) Received: by flood.ping.uio.no (Postfix, from userid 2602) id B08195361; Thu, 20 Jun 2002 17:00:24 +0200 (CEST) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Antoine Beaupre Cc: "Eric F Crist" , "'Ryan Thompson'" , "'Bill Moran'" , Subject: Re: hash-password length relation (was: Password security) References: <1C4414A2-845C-11D6-887B-0050E4A0BB3F@anarcat.ath.cx> From: Dag-Erling Smorgrav Date: 20 Jun 2002 17:00:23 +0200 In-Reply-To: <1C4414A2-845C-11D6-887B-0050E4A0BB3F@anarcat.ath.cx> Message-ID: Lines: 14 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Antoine Beaupre writes: > Does the length of the encrypted password grow with the length of the > password? Traditional DES always produces a 13-byte hash (including the salt). MD5 produces a 31-byte hash (also including the salt). Blowfish produces a 32-byte hash with (IIRC) a variable-length salt of up to 16 bytes. Both MD5 and Blowfish use a special prefix to identify the hash algorithm used; it's usually three bytes long for MD5 and five or six bytes long for Blowfish. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message