MD5 proposal
- Previous message (by thread): MD5 proposal
- Next message (by thread): MD5 proposal
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
mc
m.candanpolat at chello.nl
Fri Mar 29 20:21:23 CET 2002
----- Original Message ----- From: "Larry J. Blunk" <ljb at merit.edu> To: "Andrei Robachevsky" <andrei at ripe.net> Cc: "Poul-Henning Kamp" <phk at critter.freebsd.dk>; "Olafur Osvaldsson" <oli at isnic.is>; <db-wg at ripe.net> Sent: Thursday, March 28, 2002 9:34 AM Subject: Re: MD5 proposal > > > Poul-Henning Kamp wrote: > > > > > In message <20020325130131.T20936 at isnic.is>, Olafur Osvaldsson writes: > > > > > > > > >>>auth: MD5-PW 4aabd3dbc0746c8a4b5467f99a4f8524 > > >>> > > >>> > > >>Why not use md5 crypt wich is already used on many operating systems for > > >>passwords? > > >> > > >>auth: MD5-PW $1$sD9e4pQn$1832L4.BxsZHusy0plg8i0 > > >> > > > > > > The source can be found here: > > > > > > http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libcrypt/crypt-md5.c > > > > > > > > > I agree that a salt makes dictionary attacks very hard if not > > impossible. And this is good argument in favour of the Olafur's and > > Poul-Henning's proposal. > > A reasonbly lengthy (and random) salt only makes pre-computed dictionary > attacks impossible, but it does not prevent brute force > dictionary attacks. John the Ripper (www.openwall.com/john) has support > for dictionary-based attacks on des-crypt, FreeBSD md5-crypt, and > OpenBSD bcrypt password hash functions. > > > > > My main concern here would be that basing the proposed method on an > > implementation (md5-crypt), which may change or may be mixed with some > > other implementation, rather than on the documented algorithm (md5 > > hash), which cannot, may cause confusion in the future. > > Changing an existing Unix password hash function would be a very > unlikely action as you would break portability of password hashes between > systems (speaking as a former sys-admin, this would be > a nightmare). This is one reason for longevity of des-crypt (despite > it's documented weaknesses). > > > > > And, as a side question from a person far from cryptography, is it a > > proved fact that iterative complexity of md5-crypt makes the hash better? > > > > It's a combination of the salt and computational complexity that > makes md5-crypt significantly better than straight MD5. OpenBSD's bcrypt > goes a step further than md5-crypt in computational intensity and also > allows one to specify the number of interation rounds in the hash to provide > further strength as computing power progresses. One could argue that, > absent any mandatory password goodness/length requirements, the existing > des-crypt is better than straight MD5. > > Speaking from an RPSLng perspective, I'd like to see any new hashed > password based auth mechanism provide better support for keeping the > hash private. While I'm not necessarily arguing this should be mandatory, > I believe it should at least be optional. One way to provide better support > for this would be to include some sort of identifier with the hash. This > could either be on the same auth: line as the hash, or the identifier could > be a key to a separate object that contains the actual hash (as is done > with PGPKEY based authentication). > > -Larry Blunk > Merit > > > > Regards, > > > > Andrei Robachevsky > > RIPE NCC
- Previous message (by thread): MD5 proposal
- Next message (by thread): MD5 proposal
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]