To be a new DFly commiter

Simon 'corecode' Schubert corecode at fs.ei.tum.de
Sat Mar 17 07:01:38 PDT 2007


Grzegorz BÅ‚ach wrote:
Brute-force algoritm with collision can take password 100 time faster
than brute-force without brute-force.
How do you prove this claim?  AFAIK collision attacks need to know the plain text.  Trying to brute-force a password means not having it in plain text.  Hence collisions do not play any role.

Atacker not must stole password file, attack can be made from local
network too.
We can don't change password_format and still use md5,
but we can change it to blowfish, maybe this is not a big issue,
but for fix it, we must change only one record in /etc/login.conf.
This is very trivial.
Yes, I also don't see any reason why we *have* to stick to md5.  However, I also don't see any reason why we should switch to blowfish.

cheers
 simon
PS: could you please trim excessive quotes when replying?  thanks.

--
Serve - BSD     +++  RENT this banner advert  +++    ASCII Ribbon   /"\
Work - Mac      +++  space for low €€€ NOW!1  +++      Campaign     \ /
Party Enjoy Relax   |   http://dragonflybsd.org      Against  HTML   \
Dude 2c 2 the max   !   http://golden-apple.biz       Mail + News   / \
Attachment:
signature.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgp00006.pgp
Type: application/octet-stream
Size: 252 bytes
Desc: "Description: OpenPGP digital signature"
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20070317/69e154a0/attachment-0021.obj>


More information about the Users mailing list