[TOOL] crypt_blowfish - Modern Password Hashing Algorithm for Crypt
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 8 Feb 2006 18:58:27 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
crypt_blowfish - Modern Password Hashing Algorithm for Crypt
------------------------------------------------------------------------
SUMMARY
DETAILS
crypt_blowfish is a public domain implementation of a modern password
hashing algorithm based on the Blowfish block cipher, provided via the
crypt(3) and a reentrant interface. It is compatible with bcrypt (version
2a) by Niels Provos and David Mazieres, as used in OpenBSD.
The most important property of bcrypt (and thus crypt_blowfish) is that it
is adaptable to future processor performance improvements, allowing you to
arbitrarily increase the processing cost of checking a password while
still maintaining compatibility with your older password hashes.
Already now bcrypt hashes you would use are several orders of magnitude
stronger than traditional Unix DES-based or FreeBSD-style MD5-based
hashes.
ADDITIONAL INFORMATION
The information has been provided by <mailto:solar@xxxxxxxxxxxx> Solar
Designer.
For the latest version of this tool visit the project's homepage at:
<http://www.openwall.com/crypt/> http://www.openwall.com/crypt/
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [UNIX] OProfile Arbitrary Code Execution
- Next by Date: [NEWS] eyeOS Remote Code Execution
- Previous by thread: [UNIX] OProfile Arbitrary Code Execution
- Next by thread: [NEWS] eyeOS Remote Code Execution
- Index(es):
Relevant Pages
- [TOOL] OPHCRACK with Windows and Linux GUI
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Ophcrack version 2.0 is a windows
password cracker based on the faster ... * Dumps hashes from local and remote hashes,
... * Dumps hashes from encrypted SAM and config, provided you boot on a CD ...
(Securiteam) - [TOOL] Hashattack - Auditing Privilged Oracle Passwords
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Hashes are calculated by
creating a user account similar to the target ... The information in this bulletin is provided
"AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
(Securiteam)
