Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 17 Nov 1998 03:40:28 -0800 (PST)
From:      Christopher Nielsen <enkhyl@scient.com>
To:        Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc:        Fernando Schapachnik <fpscha@ns1.sminter.com.ar>, Thomas Valentino Crimi <tcrimi+@andrew.cmu.edu>, tlambert@primenet.com, freebsd-security@FreeBSD.ORG
Subject:   Re: Would this make FreeBSD more secure? 
Message-ID:  <Pine.BSF.4.05.9811170338120.845-100000@ender.sf.scient.com>
In-Reply-To: <23903.911243692@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, 16 Nov 1998, Poul-Henning Kamp wrote:

> Date: Mon, 16 Nov 1998 20:14:52 +0100
> From: Poul-Henning Kamp <phk@critter.freebsd.dk>
> To: Fernando Schapachnik <fpscha@ns1.sminter.com.ar>
> Cc: Thomas Valentino Crimi <tcrimi+@andrew.cmu.edu>, tlambert@primenet.com,
     freebsd-security@FreeBSD.ORG
> Subject: Re: Would this make FreeBSD more secure? 
> 
> In message <199811161811.PAA01939@ns1.sminter.com.ar>, Fernando Schapachnik writes:
> >En un mensaje anterior, Thomas Valentino Crimi escribió:
> >[...]
> >>   And then we have md5 passwords, arguably broken, now, but orders of
> >> magnitudes better than DES.
> >
> >Broken? I'm using them with no problem. What do you mean?
> 
> He means that he hasn't understood the first law of cryptography:
> 
>     "No cipher is unbreakable, it's all a question about time & effort"
> 
> Given sufficient resources you can brute-force any encryption or
> scrambling.
> 
> MD5 scambled passwords are not even close to being broken, for any
> value of broken worth talking about.

Sorry to be pedantic, but your statement is true of all ciphers except
one-time pads. A one-time pad can never be broken without the encryption
key, no matter how much time and effort you expend. Of course, one-time
pads aren't exactly practical from a key management perspective.

-- 
Christopher Nielsen
Scient: The eBusiness Systems Innovator
<http://www.scient.com>;
cnielsen@scient.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9811170338120.845-100000>