Database development plans
Poul-Henning Kamp phk at critter.freebsd.dk
Wed Jan 30 16:12:25 CET 2002
In message <00A08D31.1A9EA894.17 at cc.univie.ac.at>, "Wilfried Woeber, UniVie/ACO net" writes: >> In regards to the MD5 fingerprint, would this be a straight MD5 hash, or >>something like the FreeBSD MD5-based password hash (which I believe supports >>passwords longer than 8 chars)? > > I would certainly expect support for more than 8 characters, > like in newer versions of Linux. > >>Also, would the hash continue to be openly published? > > I guess so. Hiding something in the response (by default) has the > potential of confusing people while trying to update and/or delete > objects. We've been through that already ;-) > >>It would seem you would still have to deal with potential dictionary attacks. I (as the author of it) would advocate adopting the hash used by FreeBSD as it significantly strengthens the basic MD5 with both a salt and an iterative complexity. It's already used to protect the enable password on all your cisco routers btw. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk at FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
[ db-wg Archives ]