This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
MD5 proposal
- Previous message (by thread): MD5 proposal
- Next message (by thread): MD5 proposal
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
mc
m.candanpolat at chello.nl
Fri Mar 29 20:21:23 CET 2002
----- Original Message ----- From: "Larry J. Blunk" <ljb at merit.edu> To: "Andrei Robachevsky" <andrei at ripe.net> Cc: "Poul-Henning Kamp" <phk at critter.freebsd.dk>; "Olafur Osvaldsson" <oli at isnic.is>; <db-wg at ripe.net> Sent: Thursday, March 28, 2002 9:34 AM Subject: Re: MD5 proposal > > > Poul-Henning Kamp wrote: > > > > > In message <20020325130131.T20936 at isnic.is>, Olafur Osvaldsson writes: > > > > > > > > >>>auth: MD5-PW 4aabd3dbc0746c8a4b5467f99a4f8524 > > >>> > > >>> > > >>Why not use md5 crypt wich is already used on many operating systems for > > >>passwords? > > >> > > >>auth: MD5-PW $1$sD9e4pQn$1832L4.BxsZHusy0plg8i0 > > >> > > > > > > The source can be found here: > > > > > > http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libcrypt/crypt-md5.c > > > > > > > > > I agree that a salt makes dictionary attacks very hard if not > > impossible. And this is good argument in favour of the Olafur's and > > Poul-Henning's proposal. > > A reasonbly lengthy (and random) salt only makes pre-computed dictionary > attacks impossible, but it does not prevent brute force > dictionary attacks. John the Ripper (www.openwall.com/john) has support > for dictionary-based attacks on des-crypt, FreeBSD md5-crypt, and > OpenBSD bcrypt password hash functions. > > > > > My main concern here would be that basing the proposed method on an > > implementation (md5-crypt), which may change or may be mixed with some > > other implementation, rather than on the documented algorithm (md5 > > hash), which cannot, may cause confusion in the future. > > Changing an existing Unix password hash function would be a very > unlikely action as you would break portability of password hashes between > systems (speaking as a former sys-admin, this would be > a nightmare). This is one reason for longevity of des-crypt (despite > it's documented weaknesses). > > > > > And, as a side question from a person far from cryptography, is it a > > proved fact that iterative complexity of md5-crypt makes the hash better? > > > > It's a combination of the salt and computational complexity that > makes md5-crypt significantly better than straight MD5. OpenBSD's bcrypt > goes a step further than md5-crypt in computational intensity and also > allows one to specify the number of interation rounds in the hash to provide > further strength as computing power progresses. One could argue that, > absent any mandatory password goodness/length requirements, the existing > des-crypt is better than straight MD5. > > Speaking from an RPSLng perspective, I'd like to see any new hashed > password based auth mechanism provide better support for keeping the > hash private. While I'm not necessarily arguing this should be mandatory, > I believe it should at least be optional. One way to provide better support > for this would be to include some sort of identifier with the hash. This > could either be on the same auth: line as the hash, or the identifier could > be a key to a separate object that contains the actual hash (as is done > with PGPKEY based authentication). > > -Larry Blunk > Merit > > > > Regards, > > > > Andrei Robachevsky > > RIPE NCC
- Previous message (by thread): MD5 proposal
- Next message (by thread): MD5 proposal
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]