PHK's MD5 might not be slow enough anymore

Bill Moran wmoran at collaborativefusion.com
Thu Jan 28 20:10:27 UTC 2010


In response to Chris Palmer <chris at noncombatant.org>:

> Bill Moran writes:
> 
> > I'm sure someone will correct me if I'm wrong, but you can't do this
> > without establishing this as an entirely new algorithm.  The hashes
> > generated after your patch will not be compatible with existing password
> > files, thus anyone who applies this will be unable to log in.  Have you
> > tried it?
 
<snip>

> Since there is 0 cost for people installing
> fresh, there is no reason not to do it.

Are you volunteering to handle all the complaints from all the
people who want to upgrade their systems without reinstalling?

This would also introduce a complete incompatibility between systems.
I, for one, frequently copy password files from one system to another.
I expect $1$ to be compatible on all systems.

If a new algorithm is to be used, why even start with md5?  Why not
start with something that's inherently stronger and more CPU intensive?
From there, assign it a new algorithm number.  See the "Modular Crypt"
section of crypt(3).  Then compatibility is maintained.

-- 
Bill Moran
Collaborative Fusion Inc.
http://people.collaborativefusion.com/~wmoran/
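The point above, that a change to the round count inside $1$ silently produces hashes that no existing $1$ entry will match, while a new Modular Crypt identifier keeps old entries verifiable, can be shown concretely. The following is an added example and not code from the thread or from FreeBSD's libcrypt: a pure-Python rendering of PHK's md5crypt ($1$) with the round count exposed as a parameter, plus a small verifier that dispatches on the `$id$` prefix. The `rounds` parameter, the `verify` helper and the sample password/salt are assumptions made for the illustration; the real algorithm has the count fixed at 1000.

```python
import hashlib
import hmac

# Base-64 alphabet used by crypt(3): "./0-9A-Za-z"
ITOA64 = b"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = b"$1$"          # Modular Crypt identifier of PHK's md5crypt


def _to64(value: int, nchars: int) -> bytes:
    """Emit nchars base-64 characters, lowest 6 bits first (crypt(3) order)."""
    out = bytearray()
    for _ in range(nchars):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return bytes(out)


def md5crypt(password: bytes, salt: bytes, rounds: int = 1000) -> str:
    """PHK's md5crypt. `rounds` is an assumption for this example: the
    shipped algorithm is hard-wired to 1000 and has no way to carry a
    different count in the "$1$salt$hash" string."""
    salt = salt[:8]                                   # salt is at most 8 chars
    ctx = hashlib.md5(password + MAGIC + salt)
    alt = hashlib.md5(password + salt + password).digest()
    remaining = len(password)
    while remaining > 0:                              # mix in alt once per 16 bytes of pw
        ctx.update(alt[:min(16, remaining)])
        remaining -= 16
    i = len(password)
    while i > 0:                                      # the famous bit-walk over len(pw)
        ctx.update(b"\0" if i & 1 else password[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(rounds):                           # the deliberate slow loop
        c = hashlib.md5()
        c.update(password if i & 1 else final)
        if i % 3:
            c.update(salt)
        if i % 7:
            c.update(password)
        c.update(final if i & 1 else password)
        final = c.digest()
    # Bytes are interleaved before encoding, exactly as in the C reference.
    out = b""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        out += _to64((final[a] << 16) | (final[b] << 8) | final[c], 4)
    out += _to64(final[11], 2)
    return (MAGIC + salt + b"$" + out).decode("ascii")


def verify(password: bytes, stored: str) -> bool:
    """Dispatch on the Modular Crypt id. Only $1$ is implemented here; any
    other id is refused rather than guessed at, which is what keeps a new
    algorithm number from being confused with an existing one."""
    parts = stored.split("$")                 # "$1$salt$hash" -> ["", "1", salt, hash]
    if len(parts) != 4 or parts[0] != "":
        raise ValueError("not a Modular Crypt string")
    if parts[1] != "1":
        raise ValueError("unsupported Modular Crypt id: $%s$" % parts[1])
    salt = parts[2].encode("ascii")
    candidate = md5crypt(password, salt)      # always the stock 1000 rounds
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed sample input, not a published test vector.
    pw, salt = b"password", b"saltsalt"
    stock = md5crypt(pw, salt)
    patched = md5crypt(pw, salt, rounds=2000)
    print(stock)
    print(patched)
    print("stock verifies:  ", verify(pw, stock))
    print("patched verifies:", verify(pw, patched))   # False: same $1$, different rounds
```

Running this shows the compatibility problem directly: the 2000-round string still begins with `$1$saltsalt$`, so nothing in the hash tells a stock libcrypt that it was made differently, and `verify` rejects it. A string carrying a different `$id$` is refused outright instead, which is the behaviour a new algorithm number relies on.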

