Date: Thu, 28 Jan 2010 17:53:30 -0500
From: Roger <rnodal@gmail.com>
To: freebsd-security@freebsd.org
Subject: Re: PHK's MD5 might not be slow enough anymore
Message-ID: <9d972bed1001281453k3ae9753r6aee18ba4c3c120a@mail.gmail.com>
In-Reply-To: <20100128224022.396588dc@gumby.homeunix.com>
References: <20100128182413.GI892@noncombatant.org> <9d972bed1001281324r29b4b93bw9ec5bc522d0e2764@mail.gmail.com> <20100128224022.396588dc@gumby.homeunix.com>

> The point of slowing down the algorithm is to protect against off-line
> attack where an attacker has gained access to a copy of master.passwd.

When you say "off-line attack", do you refer to the attacker running a brute force attack on his/her machine? I'm assuming that by using a slow algorithm the attacker is forced to use the same slow algorithm to check the passwords?

> Any hashing has to be done when the password is set, so it's fixed
> thereafter.

What do you mean by that?

Thank you very much for taking the time to answer.

-r