|From:||"Simon 'corecode' Schubert" <corecode@xxxxxxxxxxxx>|
|Date:||Sat, 17 Mar 2007 14:56:14 +0100|
Brute-force algoritm with collision can take password 100 time faster than brute-force without brute-force.
Atacker not must stole password file, attack can be made from local network too. We can don't change password_format and still use md5, but we can change it to blowfish, maybe this is not a big issue, but for fix it, we must change only one record in /etc/login.conf. This is very trivial.
-- Serve - BSD +++ RENT this banner advert +++ ASCII Ribbon /"\ Work - Mac +++ space for low €€€ NOW!1 +++ Campaign \ / Party Enjoy Relax | http://dragonflybsd.org Against HTML \ Dude 2c 2 the max ! http://golden-apple.biz Mail + News / \
Description: OpenPGP digital signature