To be a new DFly committer

Simon 'corecode' Schubert corecode at fs.ei.tum.de
Sat Mar 17 07:01:38 PDT 2007


Grzegorz Błach wrote:
> A brute-force algorithm with collision can take a password 100 times faster
> than brute-force without brute-force.

How do you prove this claim?  AFAIK collision attacks need to know the plain text.  Trying to brute-force a password means not having it in plain text.  Hence collisions do not play any role.

> An attacker does not have to steal the password file; the attack can be
> made from the local network too.
> We can leave password_format unchanged and still use md5,
> but we can change it to blowfish. Maybe this is not a big issue,
> but to fix it, we only have to change one record in /etc/login.conf.
> This is very trivial.

Yes, I also don't see any reason why we *have* to stick to md5.  However, I also don't see any reason why we should switch to blowfish.

cheers
 simon
PS: could you please trim excessive quotes when replying?  thanks.

--
Serve - BSD     +++  RENT this banner advert  +++    ASCII Ribbon   /"\
Work - Mac      +++  space for low €€€ NOW!1  +++      Campaign     \ /
Party Enjoy Relax   |   http://dragonflybsd.org      Against  HTML   \
Dude 2c 2 the max   !   http://golden-apple.biz       Mail + News   / \