Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 15 Jun 1999 23:12:11 +0200
From:      Poul-Henning Kamp <phk@critter.freebsd.dk>
To:        Gregory Sutter <gsutter@pobox.com>
Cc:        Warner Losh <imp@harmony.village.org>, Holtor <holtor@yahoo.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: DES & MD5? 
Message-ID:  <7661.929481131@critter.freebsd.dk>
In-Reply-To: Your message of "Tue, 15 Jun 1999 13:50:03 PDT." <19990615135003.U37775@001101.zer0.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
In message <19990615135003.U37775@001101.zer0.org>, Gregory Sutter writes:
>On Tue, Jun 15, 1999 at 08:49:04AM +0200, Poul-Henning Kamp wrote:
>> 
>> Uhm, sorry Warner, but that is not true.  A brute force attack on
>> MD5 is many orders of magnitude slower than on DES.
>
>At USENIX, Niels Provos and David Mazieres presented a paper entitled
>"A Future-Adaptable Password Scheme", in which they described two 
>algorithms with adaptable cost,

I've seen it.  I think they're missing the >real< point by a large 
margin, (or at least they did in the version I read).

In my opinion the most important thing is to realize that scrambled
passwords are cheap to replace, and therefore a "kleenex" principle
can be applied to the protection.

If the MD5 seems to be under attack, we'll just change to something
else, and if that comes under attack, we change again, and so on.

That said I'm sure their algorithm is at least as good, and quite 
likely much better than the MD5 based one that I wrote, but the
important thing is the '$1$' at the front of the password which
will allow us to change the entire thing at moments notice:

	Install new libcrypt ("$2$", or "$3$" or whatever)
	Set all passwords to expire in 1hour/day/week/month/year
	Tell your users that they havn't changed their password
	for too long

And any threat to you password scrambling is eliminated...

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
FreeBSD -- It will take a long time before progress goes too far!


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7661.929481131>