PHK's MD5 might not be slow enough anymore
Garance A Drosihn
drosih at rpi.edu
Thu Jan 28 22:20:34 UTC 2010
At 2:13 PM -0800 1/28/10, Chuck Swiger wrote:
>Hi--
>
>On Jan 28, 2010, at 1:56 PM, Garance A Drosihn wrote:
>>
>> Might want to make it something like $1.nnn.bbb$, so the admin can specify
>> the number of bits as well as the number of rounds. And then pick some
>> algorithm where those two values make sense. :-)
>
>As Antoine points out in the link mentioned:
>
>> The integration into existing systems is easy if those systems already
>> support the MD5-based solution. Ever since the introduction of the
>> MD5-based method an extended password format is in use:
>>
>>   $<ID>$<SALT>$<PWD>
>
>This seems to address the suggestion being made by Chris (and +1'ed
>by others) in a fashion that is compatible with other
>implementations....
Ah, yes, this seems like a fine idea. (so please ignore the message I
sent about 45 seconds ago!)
--
Garance Alistair Drosehn = gad at gilead.netel.rpi.edu
Senior Systems Programmer or gad at freebsd.org
Rensselaer Polytechnic Institute or drosih at rpi.edu
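
The $<ID>$<SALT>$<PWD> format quoted above can be checked mechanically. The parser below is an added example, not part of the original thread or of any FreeBSD code: it splits such entries and reports the iteration count each one implies. The scheme IDs 5 and 6, the optional rounds= field and its default and bounds are taken from the SHA-crypt scheme rather than from this message; the sample entries and the names parse_crypt and below_policy are constructed for illustration.

```python
# Added example: parse $<ID>$<SALT>$<PWD> entries and report the work factor.
SCHEMES = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}
MD5_FIXED_ROUNDS = 1000            # MD5-crypt has no rounds field at all
SHA_DEFAULT_ROUNDS = 5000          # used by SHA-crypt when rounds= is absent
SHA_MIN_ROUNDS, SHA_MAX_ROUNDS = 1000, 999_999_999


def parse_crypt(entry):
    """Return the fields of one password-hash string as a dict."""
    parts = entry.split("$")
    if len(parts) < 4 or parts[0] != "":
        raise ValueError("not in $<ID>$<SALT>$<PWD> form")
    ident, fields = parts[1], parts[2:]
    if ident not in SCHEMES:
        raise ValueError("unknown scheme id: " + repr(ident))
    tunable = ident != "1"
    rounds = SHA_DEFAULT_ROUNDS if tunable else MD5_FIXED_ROUNDS
    if tunable and fields[0].startswith("rounds="):
        value = fields[0][len("rounds="):]
        if not (value.isascii() and value.isdigit()):
            raise ValueError("malformed rounds parameter")
        # SHA-crypt clamps out-of-range values instead of rejecting them.
        rounds = max(SHA_MIN_ROUNDS, min(int(value), SHA_MAX_ROUNDS))
        fields = fields[1:]
    if len(fields) != 2 or not fields[1]:
        raise ValueError("expected exactly a salt and a digest")
    return {"scheme": SCHEMES[ident], "rounds": rounds,
            "tunable": tunable, "salt": fields[0], "digest": fields[1]}


def below_policy(shadow, min_rounds):
    """Names of accounts whose hash uses fewer than min_rounds iterations."""
    return sorted(user for user, entry in shadow.items()
                  if parse_crypt(entry)["rounds"] < min_rounds)


# Constructed sample entries; the digests are placeholders, not real hashes.
SAMPLE = {
    "alice": "$1$Xq3kLm9a$PLACEHOLDERDIGESTA",
    "bob": "$6$saltsaltsalt$PLACEHOLDERDIGESTB",
    "carol": "$6$rounds=200000$saltsaltsalt$PLACEHOLDERDIGESTC",
    "dave": "$5$rounds=10$saltsaltsalt$PLACEHOLDERDIGESTD",
}

if __name__ == "__main__":
    for user, entry in SAMPLE.items():
        info = parse_crypt(entry)
        print(user, info["scheme"], info["rounds"], info["tunable"])
    print("below 100000 rounds:", below_policy(SAMPLE, 100000))
```

An MD5-crypt entry always reports 1000 rounds and tunable False, so the only way to raise its cost is to rehash under a different ID.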