[9912] in bugtraq

Re: Digital Unix 4 protected password database.

daemon@ATHENA.MIT.EDU (Tim Pierce)
Fri Mar 12 21:27:39 1999

Date: 	Fri, 12 Mar 1999 18:44:22 -0500
Reply-To: Tim Pierce <twp@ROOTSWEB.COM>
From: Tim Pierce <twp@ROOTSWEB.COM>
X-To:         der Mouse <mouse@RODENTS.MONTREAL.QC.CA>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199903102244.RAA29732@Twig.Rodents.Montreal.QC.CA>; from der
              Mouse on Wed, Mar 10, 1999 at 05:44:40PM -0500

On Wed, Mar 10, 1999 at 05:44:40PM -0500, der Mouse wrote:
> > I once posted a better algorithm than this [...]... but it never got
> > adopted, and anyway, MD5 or SHA1 is a much better bet.
>
> Years ago, I did an MD5-based crypt(3) for NetBSD.  I've been using it
> ever since.  I believe it is significantly better for several reasons.
> One, of course, is that it's nonstandard and hence not vulnerable to
> stock crack-alikes...

FreeBSD has used MD5 in its crypt(3) algorithm for several years.  I
believe it was already there in the 2.0 release around 1994.  (It does
give you the option, at install time, of using DES instead.)

The cryptographic benefits are probably still sound, but I would
assume that Crack tools try both MD5 and DES on their dictionaries.
There are enough FreeBSD systems using MD5 on the net to make it worth
the crackers' while.

--
Regards,
Tim Pierce
RootsWeb Genealogical Data Cooperative
system obfuscator and hack-of-all-trades
