Date: Tue, 6 Jan 2009 19:31:17 +1100 From: Peter Jeremy <peterjeremy@optushome.com.au> To: "O. Hartmann" <ohartman@mail.zedat.fu-berlin.de> Cc: freebsd-security@freebsd.org Subject: Re: MD5 vs. SHA1 hashed passwords in /etc/master.passwd: can we configure SHA1 in /etc/login.conf? Message-ID: <20090106083117.GI87057@server.vk2pj.dyndns.org> In-Reply-To: <495FDC97.4090301@mail.zedat.fu-berlin.de> References: <495FDC97.4090301@mail.zedat.fu-berlin.de>
next in thread | previous in thread | raw e-mail | index | archive | help
--pyE8wggRBhVBcj8z Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2009-Jan-03 22:45:59 +0100, "O. Hartmann" <ohartman@mail.zedat.fu-berlin= =2Ede> wrote: >Well, I never digged deep enough into the source code to reveal the >magic and truth, so I will ask here for some help. The relevant algorithms and their names are embedded in src/lib/libcrypt/crypt.c > Is it possible to >change the md5-algorithm by default towards sha1 as recommended after >the md5-collisions has been published? Note that both MD5 and SHA1 are broken in the cryprographic sense. As various people have noted, the known breaks do not impact on MD5 password hashes. --=20 Peter Jeremy Please excuse any delays as the result of my ISP's inability to implement an MTA that is either RFC2821-compliant or matches their claimed behaviour. --pyE8wggRBhVBcj8z Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkljFtUACgkQ/opHv/APuIe2zgCfTpyLM2ZlfYioAJBygIYSu9en RcQAniInhQhLK78fjnSeLHbESWwoJTY3 =jC7v -----END PGP SIGNATURE----- --pyE8wggRBhVBcj8z--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090106083117.GI87057>