Re: Default password hash

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--2065465572-899095623-1339347323=:2189
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8BIT

> On 8 Jun 2012, at 13:51, Dag-Erling Sm鷨grav wrote:
> 
> > We still have MD5 as our default password hash, even though known-hash
> > attacks against MD5 are relatively easy these days. 

*collision* attacks are relatively easy these days, but against 1 MD5, 
not against 1000 times MD5

w.r.t. password hashes, a successful preimage attack would be threatening,
which publications are you referring to?

I found one preimage attack on reduced MD5, but it's theoretical (2^96 steps)
"Preimage Attacks on 3-Pass HAVAL and Step-Reduced MD5*"
eprint.iacr.org/2008/183.pdf

> > We've supported
> > SHA256 and SHA512 for many years now, so how about making SHA512 the
> > default instead of MD5, like on most Linux distributions?

there is a NIST hash competition running, the winner will soon be announced
(and it won't be SHA256 or SHA512 ;-)
http://csrc.nist.gov/groups/ST/hash/timeline.html
so my suggestion would be to use all of the finalists - especially
the winner - for password hashing
    * BLAKE
    * Gr鷭tl 
    * JH
    * Keccak
    * Skein
see, for example, http://www.nist.gov/itl/csd/sha3_010511.cfm

--
Damian Weber, <http://www-crypto.htw-saarland.de>
--2065465572-899095623-1339347323=:2189
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
--2065465572-899095623-1339347323=:2189--