DragonFly users List (threaded) for 2007-03
DragonFly BSD

Re: To be a new DFly commiter


From: "Simon 'corecode' Schubert" <corecode@xxxxxxxxxxxx>
Date: Sat, 17 Mar 2007 14:56:14 +0100

Grzegorz Błach wrote:
> Brute-force algorithm with collision can take password 100 times faster
> than brute-force without brute-force.

How do you prove this claim? AFAIK collision attacks need to know the plain text. Trying to brute-force a password means not having it in plain text. Hence collisions do not play any role.


> The attacker does not have to steal the password file; the attack can be
> made from the local network too.
> We don't have to change password_format and can still use md5,
> but we can change it to blowfish. Maybe this is not a big issue,
> but to fix it, we only have to change one record in /etc/login.conf.
> This is very trivial.

Yes, I also don't see any reason why we *have* to stick to md5. However, I also don't see any reason why we should switch to blowfish.


cheers
 simon

PS: could you please trim excessive quotes when replying? thanks.

--
Serve - BSD     +++  RENT this banner advert  +++    ASCII Ribbon   /"\
Work - Mac      +++  space for low €€€ NOW!1  +++      Campaign     \ /
Party Enjoy Relax   |   http://dragonflybsd.org      Against  HTML   \
Dude 2c 2 the max   !   http://golden-apple.biz       Mail + News   / \

Attachment: signature.asc
Description: OpenPGP digital signature
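
The distinction argued in the reply above, between finding a collision and guessing the input behind a fixed stored hash, shown as an added example that is not part of the original message. It assumes a toy hash (MD5 truncated to 18 bits so the searches finish in seconds); the function names and candidate strings are constructed for illustration.

```python
import hashlib
from itertools import count

BITS = 18  # assumption: truncated digest width, small enough to search quickly

def h(data: bytes) -> int:
    """Top BITS bits of MD5(data): a toy stand-in for a full-width hash."""
    full = int.from_bytes(hashlib.md5(data).digest(), "big")
    return full >> (128 - BITS)

def candidate(i: int) -> bytes:
    # Constructed candidate strings, not real passwords.
    return b"guess-%d" % i

def find_collision():
    """Collision search: the searcher chooses BOTH inputs, any equal pair wins."""
    seen = {}
    for i in count():
        d = h(candidate(i))
        if d in seen:
            return seen[d], candidate(i), i + 1
        seen[d] = candidate(i)

def find_preimage(target: int, budget: int):
    """Password guessing: the digest is fixed in advance by the stored hash."""
    for i in range(budget):
        if h(candidate(i)) == target:
            return candidate(i), i + 1
    return None, budget

def demo():
    a, b, collision_tries = find_collision()
    # Constructed "stored hash" of a secret that is not in the candidate list.
    stored = h(b"constructed-secret-not-in-candidate-list")
    # Same work that produced a collision, now aimed at the fixed digest.
    same_budget, _ = find_preimage(stored, collision_tries)
    # Generous budget: about 2**BITS hashes are expected before a match.
    found, preimage_tries = find_preimage(stored, 1 << (BITS + 3))
    return a, b, collision_tries, same_budget, found, preimage_tries, stored

if __name__ == "__main__":
    a, b, c_tries, same, found, p_tries, stored = demo()
    print(f"collision after {c_tries} hashes: {a!r} / {b!r}")
    print(f"match for stored digest within the same budget: {same!r}")
    print(f"match for stored digest after {p_tries} hashes: {found!r}")
```

The collision turns up after roughly 2^(BITS/2) hashes, while matching the fixed digest takes on the order of 2^BITS, and the colliding pair says nothing about the stored digest.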


