[9897] in bugtraq
Re: Digital Unix 4 protected password database.
daemon@ATHENA.MIT.EDU (der Mouse)
Fri Mar 12 15:38:56 1999
Date: Wed, 10 Mar 1999 17:44:40 -0500
Reply-To: der Mouse <mouse@RODENTS.MONTREAL.QC.CA>
From: der Mouse <mouse@RODENTS.MONTREAL.QC.CA>
To: BUGTRAQ@NETSPACE.ORG

> I once posted a better algorithm than this [...]... but it never got
> adopted, and anyway, MD5 or SHA1 is a much better bet.

Years ago, I did an MD5-based crypt(3) for NetBSD. I've been using it
ever since. I believe it is significantly better for several reasons.
One, of course, is that it's nonstandard and hence not vulnerable to
stock crack-alikes - but quite aside from that, it has benefits:

- MD5 is of clearer US export status than DES (even encryption-only DES
  engines can be used for data secrecy if you use CFB or OFB).
- The salt is large enough for the foreseeable future (128 bits).
- The round count is a parameter and is stored as part of the hash
  (meaning, there's no compatibility issue involved with raising this
  as CPUs get faster).
- The hash format is extensible (it begins with a version number).

Of course, *any* hash except the "standard" traditional one may
introduce compatibility problems if it's shared with NIS (nee YP) or
moral equivalent.

I will be happy to send a copy of the code, or a text description of
the algorithm, to anyone who wants one.

der Mouse
mouse@rodents.montreal.qc.ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
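
An added example, not part of the original post and not der Mouse's code: a sketch of a self-describing hash entry with the three properties the message lists (leading version number, stored round count, 128-bit salt), showing why raising the round count does not break existing entries. The `version$rounds$salt$digest` layout, all function names and the use of PBKDF2-HMAC-MD5 as the hash are assumptions made for illustration; the post's actual algorithm is not on the page.

```python
import hashlib
import hmac
import os

VERSION = 1              # leading format-version field (layout is hypothetical)
SALT_BYTES = 16          # 128-bit salt, the size the post cites
DEFAULT_ROUNDS = 10_000  # tunable; applies only to newly created hashes
MAX_ROUNDS = 10_000_000  # refuse absurd counts from a corrupted or tampered entry


def _derive(password: str, salt: bytes, rounds: int) -> bytes:
    # PBKDF2-HMAC-MD5 is a stand-in; the post's actual algorithm is not shown.
    return hashlib.pbkdf2_hmac("md5", password.encode("utf-8"), salt, rounds)


def make_hash(password: str, rounds: int = DEFAULT_ROUNDS, salt: bytes = None) -> str:
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    if len(salt) != SALT_BYTES or not 1 <= rounds <= MAX_ROUNDS:
        raise ValueError("bad salt length or round count")
    return f"{VERSION}${rounds}${salt.hex()}${_derive(password, salt, rounds).hex()}"


def parse(stored: str):
    fields = stored.split("$")
    # Check the version first: a later version may use a different layout.
    if fields[0] != str(VERSION):
        raise ValueError("unsupported hash version")
    if len(fields) != 4:
        raise ValueError("malformed hash")
    rounds, salt, digest = int(fields[1]), bytes.fromhex(fields[2]), bytes.fromhex(fields[3])
    if len(salt) != SALT_BYTES or not 1 <= rounds <= MAX_ROUNDS:
        raise ValueError("bad salt length or round count")
    return rounds, salt, digest


def verify(password: str, stored: str) -> bool:
    # The round count comes from the stored entry, not from DEFAULT_ROUNDS,
    # so entries created under an older, lower setting still verify.
    rounds, salt, digest = parse(stored)
    return hmac.compare_digest(_derive(password, salt, rounds), digest)


def needs_rehash(stored: str, current_rounds: int = DEFAULT_ROUNDS) -> bool:
    # True when the entry was created with fewer rounds than current policy.
    return parse(stored)[0] < current_rounds
```

A login path would call `verify()` and, on success, re-create the entry with `make_hash()` whenever `needs_rehash()` is true, so stored hashes migrate to the higher round count as users log in.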