[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Weird stuff in MD5 crypt in PAM 0.66



On Sun, 22 Aug 1999, Savochkin Andrey Vladimirovich wrote:

> I don't think that this code needs a fix.  IMHO the hash is strong enough
> without additional hacks like this loop.  On the other hand trying to fix the
> loop will probably introduce some compatibility problems with passwords
> hashed by previous versions of the code.

I once tried to understand that piece of code too, without success :(
However, if i remember correct, the code stores also a number, which can
be used to select the algorithm to hash the password.

Second thought about these ugly hacks, is there any sense to even try such
hack? MD5 is probably well analyzed against cryptanalytic attacks. If we
make some ugly hacks to it, could we introduce some nasty hole? Or do we
actually know how much the security is increased (or decreased) by such a
hack? IMO. It would be much more secure to use widely known well-tested
algorithms and methods.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []