On Mon, 17 Jun 2013 17:52:48 +0000
Teske, Devin wrote:

> 
> On Jun 17, 2013, at 10:28 AM, Mark Felder wrote:
> 
> > On Mon, 17 Jun 2013 12:25:54 -0500, Teske, Devin
> > <devin.te...@fisglobal.com> wrote:
> > 
> >> The default in FreeBSD is MD5
> > 
> > MD5 is no longer the default.
> > 
> > 
> > http://svnweb.freebsd.org/base?view=revision&revision=238484
> 
> Huzzah!
> 
> 9.1-RELEASE and higher indeed use sha512 as the new default.
> 
> 8.4 still using md5 though (and expected to stay that way).
> 
> Question…
> 
> Is sha512 the highest it goes in our system?

The precise cipher/hash is almost irrelevant. What's important is the
amount of work needed to evaluate a password in a brute-force dictionary
attack. MD5 is still OK for password hashing; the problem is an
inadequate number of iterations in our particular implementation. A
similar problem exists with blowfish and arguably all of the rest.

Another problem is that all current schemes are inadvertently optimised
for GPU attack since they run in very little memory.

The bottom line is: don't let anyone steal your password file. 
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
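
An added example, not part of the original thread or of FreeBSD's code: a small audit that reads the iteration count encoded in each crypt(3) hash of a master.passwd-style file and reports accounts whose work factor is too low, which is the property the reply above says matters more than the hash name. The `POLICY` thresholds, the function names and the sample entries are assumptions made for illustration.

```python
import re

# Assumed minimum work factors per scheme (hypothetical site policy, not from
# the thread). Counts are only comparable within one scheme.
POLICY = {"md5": 100_000, "sha256": 100_000, "sha512": 100_000, "blowfish": 2**12}
SHA = {"5": "sha256", "6": "sha512"}

def work_factor(field):
    """Return (scheme, iterations) for a crypt(3) hash field, else None."""
    parts = field.split("$")
    if len(parts) < 4 or parts[0] != "":
        return None                      # "*", locked, or legacy DES entries
    ident = parts[1]
    if ident == "1":
        return ("md5", 1000)             # md5-crypt: fixed, cannot be raised
    if ident in SHA:
        m = re.fullmatch(r"rounds=(\d+)", parts[2])
        rounds = int(m.group(1)) if m else 5000   # sha-crypt default
        return (SHA[ident], min(max(rounds, 1000), 999_999_999))
    if ident in ("2", "2a", "2b", "2y") and parts[2].isdigit():
        return ("blowfish", 2 ** int(parts[2]))   # cost is log2(rounds)
    return None

def audit(master_passwd_text):
    """List (user, scheme, iterations) for hashes below POLICY."""
    weak = []
    for line in master_passwd_text.splitlines():
        if not line.strip() or line.startswith("#") or ":" not in line:
            continue
        user, field = line.split(":")[:2]
        wf = work_factor(field)
        if wf and wf[1] < POLICY[wf[0]]:
            weak.append((user, *wf))
    return weak

# Constructed sample in master.passwd layout; salts and digests are placeholders.
SAMPLE = """\
root:$6$rounds=200000$SALTSALT$PLACEHOLDERDIGEST:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
alice:$1$SALTSALT$PLACEHOLDERDIGEST:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$6$SALTSALT$PLACEHOLDERDIGEST:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:$2a$04$PLACEHOLDERSALTANDDIGEST:1003:1003::0:0:Carol:/home/carol:/bin/sh
"""

if __name__ == "__main__":
    for user, scheme, iters in audit(SAMPLE):
        print(f"{user}: {scheme} at {iters} iterations is below policy")
```

An md5-crypt entry is always reported because its 1000 iterations are fixed by the format; the sha256/sha512 and blowfish entries can be brought into policy by raising `rounds=` or the cost value when the password is next set.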
