Default password hash
Ruud Althuizen
ruud at stack.nl
Fri Jun 8 17:28:58 UTC 2012
On Fri 08 Jun 2012 05:47 PM, RW wrote:
> On Fri, 08 Jun 2012 14:51:55 +0200
> Dag-Erling Smørgrav wrote:
>
> > We still have MD5 as our default password hash, even though known-hash
> > attacks against MD5 are relatively easy these days.
>
> Are any of those attacks relevant to salted passwords even with a
> single MD5 hash, let alone FreeBSD's complicated iterative algorithm?
Complication isn't your friend when considering cryptography.
--
With kind regards,
Ruud Althuizen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20120608/21ae0ad6/attachment.pgp
More information about the freebsd-security
mailing list