Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 3 Aug 2011 03:03:12 +0100
From:      RW <rwmaillists@googlemail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: password hash weaknesses in FreeBSD ?
Message-ID:  <20110803030312.5db40695@gumby.homeunix.com>
In-Reply-To: <CAHKe%2BWJ_8GK-5bYzTMWParYENUF00SrZGj12mmLm9c6rPN-uqg@mail.gmail.com>
References:  <CAHKe%2BWJ_8GK-5bYzTMWParYENUF00SrZGj12mmLm9c6rPN-uqg@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 2 Aug 2011 17:36:12 +0100
=E3=83=9E=E3=83=B3=E3=83=AD=E3=83=BC=E3=82=AF=E3=83=AA=E3=82=B9=E3=83=88=E3=
=83=95=E3=82=A1 wrote:

> The crypt program to hash passwords uses md5 /DES/blowfish for
> password hashing as I have read in the handbook. DES and md5 are
> widely regarded to be broken (certainly DES). I would prefer password
> hashing to be done using salted SHA1 / SHA256 to meet my security
> needs.

It depends what you mean by broken; most hashes are broken (or will be
broken) in some sense - including SHA1. The types of break that make
md5 unsuitable for verification purposes  don't apply to password
hashes. Furthermore FreeBSDs md5 password hash isn't simply md5, it's
1000 iterations of md5 with each iteration hashing the salt, password
and previous hash in shifting combinations.

These days the most realistic attack against typical user passwords is
probably a direct brute-force attack using GPUs - in which case the
underlying hash algorithm is insignificant.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110803030312.5db40695>