Hi--

On Jan 28, 2010, at 12:10 PM, Bill Moran wrote:
> This would also introduce a complete incompatibility between systems.
> I, for one, frequently copy password files from one system to another.
> I expect $1$ to be compatible on all systems.

Exactly. Just like classic DES passwords were portable to all platforms.

> If a new algorithm is to be used, why even start with md5? Why not
> start with something that's inherently stronger and more CPU intensive?
>
> From there, assign it a new algorithm number. See the "Modular Crypt"
> section of crypt(3). Then compatibility is maintained.

+1. We're probably fine with MD5 password hashes against all but extreme measures for some time to come, but adding SHA-1 and being ready for whatever algorithm(s) might be chosen by NIST for SHA-3 would be a fine thing to do.

Regards,
--
-Chuck
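
The following Python example is added here and is not part of the original message: it classifies password-file hash fields by their Modular Crypt identifier, to show which entries a target system could still verify after the file is copied. The identifier table, function names, `supported` set and sample entries are assumptions constructed for the example.

```python
# Added example: classify password-file hash fields by Modular Crypt identifier.
import re

# Identifier -> algorithm, as commonly documented in crypt(3) (assumption: the
# union of FreeBSD and Linux identifiers; a given system supports only a subset).
SCHEMES = {"1": "MD5", "2": "Blowfish", "2a": "Blowfish", "2b": "Blowfish",
           "2y": "Blowfish", "3": "NT-Hash", "5": "SHA-256", "6": "SHA-512"}
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")  # classic DES: 2-char salt + 11 chars


def classify(field):
    """Return the scheme name for one hash field of a password file."""
    if field == "":
        return "empty"
    if field[0] in "*!":
        return "locked"
    if field.startswith("$"):
        parts = field.split("$")  # "$1$salt$hash" -> ["", "1", "salt", "hash"]
        if len(parts) < 4 or not parts[1]:
            return "malformed"
        return SCHEMES.get(parts[1], "unknown")
    return "DES" if DES_RE.match(field) else "malformed"


def audit(passwd_text, supported):
    """Map user -> (scheme, verifiable on a system whose crypt(3) has `supported`)."""
    report = {}
    for line in passwd_text.splitlines():
        if line.startswith("#") or ":" not in line:
            continue
        user, field = line.split(":")[:2]
        scheme = classify(field)
        report[user] = (scheme, scheme in supported)
    return report


# Constructed sample entries; salts and hash bodies are placeholders, not real hashes.
SAMPLE = "\n".join([
    "alice:$1$saltsalt$" + "A" * 22 + ":1001:1001::0:0:Alice:/home/alice:/bin/sh",
    "bob:ab" + "B" * 11 + ":1002:1002::0:0:Bob:/home/bob:/bin/sh",
    "carol:$6$rounds=5000$saltsalt$" + "C" * 86 + ":1003:1003::0:0:Carol:/home/carol:/bin/sh",
    "dave:*LOCKED*$1$saltsalt$" + "D" * 22 + ":1004:1004::0:0:Dave:/home/dave:/bin/sh",
    "erin:$9$saltsalt$" + "E" * 22 + ":1005:1005::0:0:Erin:/home/erin:/bin/sh",
])

if __name__ == "__main__":
    # Hypothetical target that only knows DES, MD5 and Blowfish.
    for user, (scheme, ok) in audit(SAMPLE, {"DES", "MD5", "Blowfish"}).items():
        print(f"{user:6} {scheme:10} {'ok' if ok else 'NOT verifiable on target'}")
```

An unrecognised identifier such as the constructed `$9$` is reported as unknown rather than misread as another scheme, which is the property that lets a new algorithm number coexist with existing `$1$` entries.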
