Default password hash
RW
rwmaillists at googlemail.com
Sat Jun 9 16:41:14 UTC 2012
On Sat, 09 Jun 2012 07:34:22 -0400
Mike Tancsa wrote:
> On 6/8/2012 8:51 AM, Dag-Erling Smørgrav wrote:
> > We still have MD5 as our default password hash, even though
> > known-hash attacks against MD5 are relatively easy these days.
> > We've supported SHA256 and SHA512 for many years now, so how about
> > making SHA512 the default instead of MD5, like on most Linux
> > distributions?
>
> Actually, any chance of MFC'ing SHA256 and 512 in RELENG_7 ? Its
> currently not there.
>
> RELENG_7 is supported until 2013
>
> Sort of a security issue
Lets not forget that this is an attack against insecure passwords
performed after an attacker has already gained root or physical access.
> considering this assessment of MD5
>
> http://phk.freebsd.dk/sagas/md5crypt_eol.html
In the context of that all the existing algorithms are pretty insecure.
The people that are doing this are brute forcing passwords; the
cryptographic merits of the underlying hash are immaterial, except in
as far as they slow things down.
I would estimate that md5crypt vs sha512crypt is roughly:
2.5 * (5000rounds/1000rounds) * (512bits/128bits) = 50
to put that in context, going from simple md5 to md5crypt is factor of
~1024.
50 is equivalent to less than 6bits of password entropy. In some cases
it may make little difference to the percentage of passwords cracked.
More information about the freebsd-security
mailing list