MD5 password hash
Matthew Dillon
dillon at apollo.backplane.com
Sat Feb 20 17:02:17 PST 2010
:In the DFLY Handbook, it states that DragonFly uses MD5 for creating
:password entries/hashes (/etc/passwd).
:
:I would like to point out that MD5 is old and considered broken.
:
:Therefore, I suggest upgrading DragonFly to use either SHA-1, or SHA-2. Out
:of the two options I would recommend SHA-2, since problems have been
:identified in SHA-1.
:
:It does say in Wikipedia, that Unix/Linux vendors are migrating to use SHA-2
:for password hashes (256-bit and 512-bit).
:
:PS It says in Wikipedia that MD5 "should be considered cryptographically
:broken and unsuitable for further use", and that US government applications
:are required to move to SHA-2 by 2010.
:
:--
:Sincerely,
:Robin Carey
Well... if someone wants to add another encryption method that's fine
w/me. Nobody should be using plaintext passwords for remote access
anyway since most attacks don't even bother trying to decrypt any more,
they just run against a dictionary.
-Matt
More information about the Bugs
mailing list