Date: Sun, 16 Jul 2000 12:49:04 -0700 From: "Crist J. Clark" <cristjc@earthlink.net> To: "O. Hartmann" <ohartman@ipamzlx.physik.uni-mainz.de> Cc: questions@FreeBSD.ORG Subject: Re: DES or Standard CRYPT? Message-ID: <20000716124904.A257@dialin-client.earthlink.net> In-Reply-To: <Pine.BSF.4.10.10007161421030.393-100000@ipamzlx.physik.uni-mainz.de>; from ohartman@ipamzlx.physik.uni-mainz.de on Sun, Jul 16, 2000 at 02:25:24PM %2B0200 References: <Pine.BSF.4.10.10007161421030.393-100000@ipamzlx.physik.uni-mainz.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jul 16, 2000 at 02:25:24PM +0200, O. Hartmann wrote: > FreeBSD 4.0 comes with two different ways of encrypting passwords, either > MD5 oder DES. I figured out that using DES limits the password lenth up to > 8 characters, while MD5 allows a maximum of 128 characters. The question > I ask is: what kind of encryption service/lib should we use to have > a secure system? Is MD5 hash sufficient or should we use DES? When linking > libcrypt -> libdes, what is involved by this links? Only UNIX password > encryption or other facilities? For either DES or MD5 passwords, the standard method to crack passwords will be a dictionary attack. For just about everyone but NSA, a cryptographic attacks are not feasible. For this reason, if your users choose "good" passwords, MD5 will be more secure since the difficulty of a dictionary attack increases exponentially with the length of the password. Of course, if your users pick weak passwords, either can be cracked. > Is X11 hard-coded limited to use login (which refelcts the used lib by > limiting the length of the password, also) or is it possible to configure > X11 login to use something else? Are you talking about xdm(1) here? xdm does not use login(1). It uses a 'xlogin' widget built into itself. However, xdm uses libcrypt, so it will be using the same algorithm. That would seem to make a lot of sense since xdm is using the same password file. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000716124904.A257>