On Fri, 08 Jun 2012 14:51:55 +0200
Dag-Erling Smørgrav wrote:

> We still have MD5 as our default password hash, even though known-hash
> attacks against MD5 are relatively easy these days.

Are any of those attacks relevant to salted passwords even with a single
MD5 hash, let alone FreeBSD's complicated iterative algorithm?

> We've supported SHA256 and SHA512 for many years now, so how about
> making SHA512 the default instead of MD5, like on most Linux
> distributions?

I think the most important consideration is which is most resistant to
brute force dictionary attack with GPUs. From a quick look at the code
SHA512 looks to have 5000 rounds compared to MD5's 1000, but it's not so
easy to compare with Blowfish.
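Added example, not part of the original message: a Python implementation of the publicly documented md5-crypt ("$1$") scheme, the salted 1000-round MD5 algorithm discussed above. It shows where the salt and the iteration count enter, and that one password hashed under two salts gives unrelated strings; the sample password and salts are constructed.

```python
import hashlib

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
ROUNDS = 1000  # fixed iteration count of md5-crypt


def md5crypt(password: bytes, salt: bytes) -> str:
    """Compute an md5-crypt ("$1$") password hash string."""
    salt = salt[:8]  # the scheme uses at most 8 salt bytes
    md5 = hashlib.md5
    alt = md5(password + salt + password).digest()
    ctx = md5(password + b"$1$" + salt)
    # Mix in the alternate digest, one byte per password byte.
    for left in range(len(password), 0, -16):
        ctx.update(alt[:min(16, left)])
    # Historical quirk: one extra byte per bit of the password length.
    n = len(password)
    while n:
        ctx.update(b"\x00" if n & 1 else password[:1])
        n >>= 1
    final = ctx.digest()
    # Stretching loop: each password guess costs about 1000 MD5 computations,
    # and the salt is folded in again on two rounds out of three.
    for i in range(ROUNDS):
        c = md5(password if i & 1 else final)
        if i % 3:
            c.update(salt)
        if i % 7:
            c.update(password)
        c.update(final if i & 1 else password)
        final = c.digest()
    # crypt(3)-style base64 output using md5-crypt's byte permutation.
    out = []
    for a, b, d in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        v = final[a] << 16 | final[b] << 8 | final[d]
        out += [ITOA64[(v >> s) & 0x3F] for s in (0, 6, 12, 18)]
    out += [ITOA64[final[11] & 0x3F], ITOA64[final[11] >> 6]]
    return "$1$" + salt.decode() + "$" + "".join(out)


def same_password_two_salts():
    """Constructed sample: one password stored under two different salts."""
    return md5crypt(b"password", b"salt"), md5crypt(b"password", b"pepper12")


if __name__ == "__main__":
    for stored in same_password_two_salts():
        print(stored)
```

Because the salt is an input to every stage, a table precomputed for one salt (or for bare MD5) says nothing about a hash stored under another; what remains is per-hash guessing, whose cost scales with the round count.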