MD5 proposal
- Previous message (by thread): MD5 proposal
- Next message (by thread): MD5 proposal
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Andrei Robachevsky
andrei at ripe.net
Wed Mar 27 17:50:02 CET 2002
Poul-Henning Kamp wrote: > In message <20020325130131.T20936 at isnic.is>, Olafur Osvaldsson writes: > > >>>auth: MD5-PW 4aabd3dbc0746c8a4b5467f99a4f8524 >>> >>> >>Why not use md5 crypt wich is already used on many operating systems for >>passwords? >> >>auth: MD5-PW $1$sD9e4pQn$1832L4.BxsZHusy0plg8i0 >> > > The source can be found here: > > http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libcrypt/crypt-md5.c > I agree that a salt makes dictionary attacks very hard if not impossible. And this is good argument in favour of the Olafur's and Poul-Henning's proposal. My main concern here would be that basing the proposed method on an implementation (md5-crypt), which may change or may be mixed with some other implementation, rather than on the documented algorithm (md5 hash), which cannot, may cause confusion in the future. And, as a side question from a person far from cryptography, is it a proved fact that iterative complexity of md5-crypt makes the hash better? Regards, Andrei Robachevsky RIPE NCC
- Previous message (by thread): MD5 proposal
- Next message (by thread): MD5 proposal
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]