DragonFly BSD
DragonFly bugs List (threaded) for 2010-02
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

MD5 password hash


From: Robin Carey <robin.carey1@xxxxxxxxxxxxxx>
Date: Sat, 20 Feb 2010 16:54:53 +0000

In the DFLY Handbook, it states that DragonFly uses MD5 for creating password entries/hashes (/etc/passwd).
 
I would like to point out that MD5 is old and considered broken.
 
Therefore, I suggest upgrading DragonFly to use either SHA-1, or SHA-2. Out of the two options I would recommend SHA-2, since problems have been identified in SHA-1.
 
It does say in Wikipedia, that Unix/Linux vendors are migrating to use SHA-2 for password hashes (256-bit and 512-bit).
 
PS It says in Wikipedia that MD5 "should be considered cryptographically broken and unsuitable for further use", and that US government applications are required to move to SHA-2 by 2010.

--
Sincerely,
Robin Carey


[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]