Password hashing weakness in DF
Matthias Schmidt
matthias at dragonflybsd.org
Thu Jan 19 02:49:14 PST 2012
Hi,
On 01/17/2012 11:50 PM, Aggelos Economopoulos wrote:
> On 01/17/2012 10:12 AM, Matthias Schmidt wrote:
>> Hey guys,
>>
>> I want to bring the following discussion on the oss-security list to
>> your attention:
>>
>> http://www.openwall.com/lists/oss-security/2012/01/16/2
>>
>> This post and previous posts contain all known details. It seems Solar
>> contacted Matt before, but unfortunately he has not responded (or at
>> least not on the list I'm subscribed to).
>
> Ugh. This is bad and, even worse, it's not immediately obvious how to
> fix it w/o breaking any systems using this implementation.
Somebody on the john-dev list implemented a fix. It reverts to the MD5
default and fixes the bugs:
http://www.openwall.com/lists/john-dev/2012/01/19/1
Cheers,
Matthias