[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Open Xlock as root

"Craig R.P. Heath" writes:
>given other information).  I understand that the MD5 algorithm itself
>is now believed to be weaker than was first thought, so I would be
>wary of suggesting it is a better solution for password encryption
>without some thorough justification.

Last I heard (someone please tell me if I'm not up-to-date) the only
attacks against MD5 so far involve being able to control the plaintext
message, meaning that someone could possible come up with two passwords
that had the same hash, but given a hash, the attacks don't make it
any easier to come up with a password that has that hash -- and even
given an arbitrary password, it doesn't help come up with another
password that has that hash.

One problem with the current "md5" hash is that it is based on 1000
rounds of md5, something that I do not think has been seriously
analyzed.  It's done on the spurious grounds that it slows down brute
force cracking attempts, without any attempt to analyze the effects
from a cryptographic standpoint.

Nevertheless, it seems pretty clear that it is stronger than the
8-character-limited DES-based crypt.


"Magazines all too frequently lead to books and should be regarded by the
 prudent as the heavy petting of literature."            -- Fran Lebowitz
 Linux Application Development     http://people.redhat.com/johnsonm/lad/

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []