Re: PHK's MD5 might not be slow enough anymore
On 1/28/10 3:18 PM, Chris Palmer wrote:
> For backwards compatibility, which do people prefer: Creating a new $N$
> prefix every time we re-tune the algorithm, or using a new notation to say
> how many times this password was hashed? For example: $1.1000$, $1.100000$,
> et c.?
>
> I prefer the latter. It can work with Blowfish, too, and anything else
> people come up with in the future.
The Blowfish one already has that feature.

A long time ago (like FreeBSD 6.something, maybe earlier) I changed all
my /etc/login.conf files to set "passwd_format=blf" and all my password
hashes are in the format "$2a$04$salthash" -- with the "04" being the
(default) number of rounds of Blowfish to run. I have some users where
it's set to 11 rounds, and as you'd expect, it puts a pretty big hurt on
the ability of things like John The Ripper to attack the hashes.

Just making sure we aren't suggesting reinventing a wheel here :)

Even 4 rounds of Blowfish is far slower than 1000 rounds of MD5, and
1000 rounds of MD5 is far slower than DES. And yeah, fear of MD5
collisions is totally irrelevant here.

If you're really that worried about MD5 anyway, just change
"passwd_format=md5" to "passwd_format=blf" in your login.conf's default
section and be happy :)
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
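
Added example, not part of the original message or of FreeBSD's code: a small audit that reads master.passwd-style lines and reports which accounts still carry fixed-cost `$1$` hashes or `$2a$` hashes below a chosen cost. The function names, the `min_cost` default and the sample lines are assumptions made for illustration; in bcrypt strings the two-digit field is the base-2 logarithm of the key-setup iteration count.

```python
import re

# bcrypt: $2a$<2-digit cost>$<22-char salt><31-char hash>; cost is log2 of the
# key-setup iterations, so "04" means 2**4 and "11" means 2**11.
BCRYPT = re.compile(r"^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$")
# md5crypt: $1$<salt up to 8 chars>$<22-char hash>; iteration count fixed at 1000.
MD5CRYPT = re.compile(r"^\$1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}$")

def classify(hash_field):
    """Return (scheme, cost) for one crypt(3) string; cost is None if not tunable."""
    m = BCRYPT.match(hash_field)
    if m:
        return "blf", int(m.group(1))
    if MD5CRYPT.match(hash_field):
        return "md5", None
    return "other", None  # DES, locked ("*"), empty, or unknown format

def audit(passwd_lines, min_cost=11):
    """Return (user, scheme, cost, finding) tuples; min_cost is an assumed policy."""
    findings = []
    for line in passwd_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user = fields[0]
        scheme, cost = classify(fields[1])
        if scheme == "blf":
            finding = "ok" if cost >= min_cost else "rehash at higher cost"
        elif scheme == "md5":
            finding = "fixed cost, migrate to blf"
        else:
            finding = "not a tunable hash, review manually"
        findings.append((user, scheme, cost, finding))
    return findings

# Constructed sample (placeholder salt/hash characters, not real credentials).
SAMPLE = [
    "alice:$2a$04$" + "a" * 53 + ":1001:1001::0:0:Alice:/home/alice:/bin/sh",
    "bob:$2a$11$" + "b" * 53 + ":1002:1002::0:0:Bob:/home/bob:/bin/sh",
    "carol:$1$saltsalt$" + "c" * 22 + ":1003:1003::0:0:Carol:/home/carol:/bin/sh",
    "daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin",
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

Changing `passwd_format` only affects hashes written afterwards, so accounts flagged here keep their old hash until the password is next set.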