This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
MD5 proposal
- Previous message (by thread): MD5 proposal
- Next message (by thread): MD5 proposal
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Andrei Robachevsky
andrei at ripe.net
Wed Mar 27 17:50:02 CET 2002
Poul-Henning Kamp wrote: > In message <20020325130131.T20936 at isnic.is>, Olafur Osvaldsson writes: > > >>>auth: MD5-PW 4aabd3dbc0746c8a4b5467f99a4f8524 >>> >>> >>Why not use md5 crypt wich is already used on many operating systems for >>passwords? >> >>auth: MD5-PW $1$sD9e4pQn$1832L4.BxsZHusy0plg8i0 >> > > The source can be found here: > > http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libcrypt/crypt-md5.c > I agree that a salt makes dictionary attacks very hard if not impossible. And this is good argument in favour of the Olafur's and Poul-Henning's proposal. My main concern here would be that basing the proposed method on an implementation (md5-crypt), which may change or may be mixed with some other implementation, rather than on the documented algorithm (md5 hash), which cannot, may cause confusion in the future. And, as a side question from a person far from cryptography, is it a proved fact that iterative complexity of md5-crypt makes the hash better? Regards, Andrei Robachevsky RIPE NCC
- Previous message (by thread): MD5 proposal
- Next message (by thread): MD5 proposal
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]