Date: Tue, 20 Jun 1995 08:21:05 +0200 From: Mark Murray <mark@grondar.za> To: Poul-Henning Kamp <phk@freefall.cdrom.com> Cc: terry@cs.weber.edu (Terry Lambert), wollman@halloran-eldar.lcs.mit.edu, current@freebsd.org Subject: Re: Crypto code - an architectural proposal. Message-ID: <199506200621.IAA01213@grumble.grondar.za>
next in thread | raw e-mail | index | archive | help
> > I agree that the hack-attack prevention is a poor reason for slowing down > > crypt(). > > The MD5 based crypt() I wrote for 2.0 had this in mind. It is sufficiently > slow that brute-force attacks are not fun, and it is frustrated by a > millisecond timestamp so dictionary attacks become very bulky. The timestamp can be stripped down by anyone with access to the source. OK, this does not help anyone bashing at the front door, but there are those hackers who with a Sparc or an Alpha and the MD5 source will really clobber a password file using Crack... > Ten years from now it will probably have to be slowed down again :-( Who says some clever Maths/Crypto boffin hasn't got a faster algorithm _now_? Look at fcrypt versus Classic crypt(3). M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199506200621.IAA01213>