FreeBSD maximum password length

RW rwmaillists at googlemail.com
Mon Jun 17 23:56:13 UTC 2013


On Mon, 17 Jun 2013 17:52:48 +0000
Teske, Devin wrote:

> 
> On Jun 17, 2013, at 10:28 AM, Mark Felder wrote:
> 
> > On Mon, 17 Jun 2013 12:25:54 -0500, Teske, Devin
> > <Devin.Teske at fisglobal.com> wrote:
> > 
> >> The default in FreeBSD is MD5
> > 
> > MD5 is no longer the default.
> > 
> > 
> > http://svnweb.freebsd.org/base?view=revision&revision=238484
> 
> Huzzah!
> 
> 9.1-RELEASE and higher indeed use sha512 as the new default.
> 
> 8.4 still using md5 though (and expected to stay that way).
> 
> Question…
> 
> Is sha512 the highest it goes in our system?

The precise cipher/hash is almost irrelevant. What's important is the
amount of work needed to evaluate a password in a brute-force dictionary
attack. MD5 is still OK for password hashing; the problem is an
inadequate number of iterations in our particular implementation. A
similar problem exists with Blowfish and arguably all of the rest.

Another problem is that all current schemes are inadvertently optimised
for GPU attack since they run in very little memory.

The bottom line is: don't let anyone steal your password file. 
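Added illustration of the two points made in the reply above (work factor, and memory as a defence against GPU attack). This is example code written for this page, not part of the original post and not FreeBSD's crypt(3) implementation: it uses PBKDF2-HMAC-SHA512 as a stand-in for an iterated hash whose only knob is the round count, and scrypt as a construction that also needs memory per guess. The round counts, the scrypt parameters, the one-billion-word dictionary and the per-core rate measurement are assumptions chosen for illustration, not FreeBSD defaults.

```python
# Added example, not from the original mailing-list post and not FreeBSD's
# crypt(3) code. It times one password guess under PBKDF2-HMAC-SHA512 at
# several round counts (attacker cost grows linearly with rounds, but the
# working set stays tiny, which suits a GPU) and under scrypt, whose
# 128*r*n bytes of RAM per evaluation is what a GPU attacker cannot
# cheaply parallelise. All parameter values below are assumptions for
# illustration, not FreeBSD defaults.
import hashlib
import os
import time

DKLEN = 64  # output length in bytes, same for both constructions


def pbkdf2_sha512(password: bytes, salt: bytes, rounds: int) -> bytes:
    """Iterated hash: the round count is the only tunable work factor."""
    return hashlib.pbkdf2_hmac("sha512", password, salt, rounds, dklen=DKLEN)


def scrypt_hash(password: bytes, salt: bytes, n: int = 2**14, r: int = 8, p: int = 1) -> bytes:
    """scrypt: cost grows with n, and each guess needs 128*r*n bytes of RAM."""
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p, dklen=DKLEN)


def scrypt_memory_bytes(n: int, r: int = 8) -> int:
    """Working set of one scrypt evaluation (the V array of RFC 7914)."""
    return 128 * r * n


def guesses_per_second(hash_fn, seconds: float = 0.2) -> float:
    """Run hash_fn(password, salt) in a tight loop; return single-core guesses/s.

    The loop body always executes at least once, so a very slow hash_fn
    simply yields a rate below 1/seconds rather than zero.
    """
    salt = os.urandom(16)  # constructed: a fresh random salt per measurement
    start = time.perf_counter()
    n = 0
    while True:
        hash_fn(b"correct horse battery staple", salt)  # constructed guess
        n += 1
        if time.perf_counter() - start >= seconds:
            break
    return n / (time.perf_counter() - start)


def dictionary_attack_seconds(dictionary_size: int, rate: float, cores: int = 1) -> float:
    """Expected time to try every candidate once, given a per-core guess rate."""
    return dictionary_size / (rate * cores)


if __name__ == "__main__":
    dictionary = 10**9  # constructed figure: a billion-candidate word list
    for rounds in (1000, 5000, 50000):  # assumed round counts
        rate = guesses_per_second(lambda pw, s: pbkdf2_sha512(pw, s, rounds))
        hours = dictionary_attack_seconds(dictionary, rate) / 3600
        print(f"pbkdf2-sha512 rounds={rounds:6d}: {rate:9.0f} guesses/s, "
              f"{dictionary:.0e}-word dictionary in {hours:.1f} core-hours")
    for n in (2**10, 2**14):  # assumed scrypt cost parameters
        rate = guesses_per_second(lambda pw, s: scrypt_hash(pw, s, n=n))
        print(f"scrypt n={n:5d} r=8: {rate:9.0f} guesses/s, "
              f"{scrypt_memory_bytes(n) // 1024} KiB of RAM per guess")
```

Running the script prints the measured single-core guess rate for each setting; what to look for is that the PBKDF2 rate falls in proportion to the round count regardless of the digest underneath, while scrypt at n=2^14 costs 16 MiB of RAM per guess, so an attacker's throughput is bounded by memory bandwidth rather than by how many hash cores a GPU has. The scrypt function is also checked against the first test vector of RFC 7914.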

