[1501] in bugtraq
Re: passwd hashing algorithm
daemon@ATHENA.MIT.EDU (Jon Peatfield)
Sun Apr 16 06:27:18 1995
To: don@paranoia.com (don@paranoia.com)
Cc: bugtraq@fc.net, jp107@damtp.cam.ac.uk
In-Reply-To: Your message of "Thu, 13 Apr 1995 12:11:48 CDT."
<m0rzSQn-0006NdC@primus.paranoia.com>
Date: Sat, 15 Apr 1995 16:42:30 +0100
From: Jon Peatfield <J.S.Peatfield@damtp.cam.ac.uk>
> What about md5?
Too fast, it still allows dictionary attacks rather easily (yes I know that
users should choose good passwords, but some won't).
md5^500 (500 rounds of md5), or however many takes about 0.5 seconds on a fast
computer (say a DEC Alpha 3000 model 900), should be enough.
-- Jon
