First, thanks again to all for the responses. Summarizing the responses, the gist was that MD5 is more secure, may take more resources, but the big advantage seemed to be that it would take longer than 8 character passwords. I guess that would make a dictionary lookup more difficult because now the attack wouldn't know how long a string to try against thus increasing the possibilities to attempt a match on.
On a related note, I had copied (appended) some password entries from a non-MD5 RH box to a MD5 box and see that the non-MD5 encrypted worked. This is good in my case. I also see a pattern in the salt values in the MD5 encrypted passwords. It appears to be: $1$xxxxxxxx$ Is this true or coincidence? Thanks very much for the input. _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
