MD5 password hash

Robin Carey robin.carey1 at googlemail.com
Sat Feb 20 08:56:52 PST 2010


In the DFLY Handbook, it states that DragonFly uses MD5 for creating password entries/hashes (/etc/passwd).
 
I would like to point out that MD5 is old and considered broken.
 
Therefore, I suggest upgrading DragonFly to use either SHA-1, or SHA-2.  Out of the two options I would recommend SHA-2, since problems have been identified in SHA-1.
 
It does say in Wikipedia, that Unix/Linux vendors are migrating to use SHA-2 for password hashes (256-bit and 512-bit).
 
PS It says in Wikipedia that MD5 "should be considered cryptographically broken and unsuitable for further use", and that US government applications are required to move to SHA-2 by 2010.
-- Sincerely,Robin Carey




More information about the Bugs mailing list