Re: PHK's MD5 might not be slow enough anymore

From: Dag-Erling Smørgrav <des@xxxxxx>
Date: Mon, 01 Feb 2010 14:25:50 +0100

Dan Lukes <dan@xxxxxxxxx> writes:

Mike Andrews <mandrews@xxxxxxxx> writes:

There is probably a login.conf knob to raise the default number of
rounds beyond 2^4.

No. The standard way of password change flow trough pam_unix.c.

It call crypt(new_pass, salt) where salt is pseudo-random sequence. As
such salt doesn't start with a magic, the default algorithm is
selected. If it si blowfish, then crypt_blowfish(key, salt) is called.

Mike is mostly right and you are mostly wrong. The default algorithm is
indeed controlled by login.conf and auth.conf, although there is no way
to specify the number of rounds.

DES
--
Dag-Erling Smørgrav - des@xxxxxx
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

Prev by Date: Re: security scripts diff
Next by Date: Re: PHK's MD5 might not be slow enough anymore
Previous by thread: security scripts diff
Next by thread: Re: PHK's MD5 might not be slow enough anymore
Index(es):
- Date
- Thread

Relevant Pages

Re: Password encryption algorithms
... one can turn up the rounds count to defeat brute-force attacks. ... use with cryptthat uses the MD5 message hash algorithm. ... algorithm identifier for crypt.confand policy.confis md5. ... generation of the salt; the default number of rounds is 4096. ...
(comp.unix.solaris)
Re: Password Encryption in .Net with C# Examples and VB.Net Examples
... You can create cryptographic string using seven different algorithms that provided in .Net Framework. ... This is mainly use in encrypt a password and store. ... actually stored) salt should always be used. ... Optionally multiple rounds of hashing can be applied. ...
(microsoft.public.dotnet.languages.csharp)
Re: Password encryption algorithms
... it looks like the Sun algorithm makes ... >the # of rounds part of the salt so that as computers get faster ... >one can turn up the rounds count to defeat brute-force attacks. ... That's in the Solaris 10 man page only, AFAICS, not the ...
(comp.unix.solaris)
Re: PHKs MD5 might not be slow enough anymore
... being the number of rounds of Blowfish to run ... salt) where salt is pseudo-random sequence. ... If it si blowfish, then crypt_blowfishis called. ...
(FreeBSD-Security)
Re: Wanted! A salted recipe with sweet potatoes
... with salt & pepper. ... I decided to cut them into rounds and rub them with oil ...
(rec.food.cooking)