Date: Thu, 28 Jan 2010 22:40:22 +0000 From: RW <rwmaillists@googlemail.com> To: freebsd-security@freebsd.org Subject: Re: PHK's MD5 might not be slow enough anymore Message-ID: <20100128224022.396588dc@gumby.homeunix.com> In-Reply-To: <9d972bed1001281324r29b4b93bw9ec5bc522d0e2764@mail.gmail.com> References: <20100128182413.GI892@noncombatant.org> <9d972bed1001281324r29b4b93bw9ec5bc522d0e2764@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 28 Jan 2010 16:24:43 -0500 Roger <rnodal@gmail.com> wrote: > What would be the consequence of having an algorithm that will > increase the amount of time needed to check the next password after a > failure. The point of slowing down the algorithm is to protect against off-line attack where an attacker has gained access to a copy of master.passwd. Any hashing has to be done when the password is set, so it's fixed thereafter.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100128224022.396588dc>