Re: PHK's MD5 might not be slow enough anymore
- From: RW <rwmaillists@xxxxxxxxxxxxxx>
- Date: Fri, 29 Jan 2010 00:53:30 +0000
On Thu, 28 Jan 2010 17:53:30 -0500
Roger <rnodal@xxxxxxxxx> wrote:
The point of slowing down the algorithm is to protect against
off-line attack where an attacker has gained access to a copy of
master.passwd.
When say "off-line attack" do you refer to the attacker running a
brute force attack on his/her machine?
Yes
I'm assuming that by using a slow algorithm the attacker is forced to
use the same slow algorithm to check the passwords?
Hopefully
Any hashing has to be done when the password is set, so it's fixed
thereafter.
The thread is about password hashing, which is not a mechanism to
slow-down and back-off login attempts.
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- References:
- PHK's MD5 might not be slow enough anymore
- From: Chris Palmer
- Re: PHK's MD5 might not be slow enough anymore
- From: Roger
- Re: PHK's MD5 might not be slow enough anymore
- From: RW
- Re: PHK's MD5 might not be slow enough anymore
- From: Roger
- PHK's MD5 might not be slow enough anymore
- Prev by Date: Re: PHK's MD5 might not be slow enough anymore
- Next by Date: Re: PHK's MD5 might not be slow enough anymore
- Previous by thread: Re: PHK's MD5 might not be slow enough anymore
- Next by thread: Re: PHK's MD5 might not be slow enough anymore
- Index(es):
Relevant Pages
|
