PHK's MD5 might not be slow enough anymore

Chris Palmer chris at
Thu Jan 28 20:18:50 UTC 2010

For backwards compatibility, which do people prefer: Creating a new $N$
prefix every time we re-tune the algorithm, or using a new notation to say
how many times this password was hashed? For example: $1.1000$, $1.100000$,
et c.?

I prefer the latter. It can work with Blowfish, too, and anything else
people come up with in the future.

More information about the freebsd-security mailing list