password hash weaknesses in FreeBSD ?
rwmaillists at googlemail.com
Wed Aug 3 02:03:22 UTC 2011
On Tue, 2 Aug 2011 17:36:12 +0100
> The crypt program to hash passwords uses md5 /DES/blowfish for
> password hashing as I have read in the handbook. DES and md5 are
> widely regarded to be broken (certainly DES). I would prefer password
> hashing to be done using salted SHA1 / SHA256 to meet my security
It depends what you mean by broken; most hashes are broken (or will be
broken) in some sense - including SHA1. The types of break that make
md5 unsuitable for verification purposes don't apply to password
hashes. Furthermore FreeBSDs md5 password hash isn't simply md5, it's
1000 iterations of md5 with each iteration hashing the salt, password
and previous hash in shifting combinations.
These days the most realistic attack against typical user passwords is
probably a direct brute-force attack using GPUs - in which case the
underlying hash algorithm is insignificant.
More information about the freebsd-questions