On Sat, 09 Jun 2012 07:34:22 -0400 Mike Tancsa wrote:

> On 6/8/2012 8:51 AM, Dag-Erling Smørgrav wrote:
> > We still have MD5 as our default password hash, even though
> > known-hash attacks against MD5 are relatively easy these days.
> > We've supported SHA256 and SHA512 for many years now, so how about
> > making SHA512 the default instead of MD5, like on most Linux
> > distributions?
>
> Actually, any chance of MFC'ing SHA256 and 512 in RELENG_7? It's
> currently not there.
>
> RELENG_7 is supported until 2013
>
> Sort of a security issue

Let's not forget that this is an attack against insecure passwords
performed after an attacker has already gained root or physical access.

> considering this assessment of MD5
>
> http://phk.freebsd.dk/sagas/md5crypt_eol.html

In the context of that, all the existing algorithms are pretty insecure.
The people that are doing this are brute forcing passwords; the
cryptographic merits of the underlying hash are immaterial, except in as
far as they slow things down.

I would estimate that md5crypt vs sha512crypt is roughly:

2.5 * (5000rounds/1000rounds) * (512bits/128bits) = 50

To put that in context, going from simple md5 to md5crypt is a factor of
~1024. 50 is equivalent to less than 6 bits of password entropy. In some
cases it may make little difference to the percentage of passwords
cracked.
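
The estimate in the message above, worked through as an added example that is not part of the original post: it converts the 50x slowdown into bits of password entropy and applies it to a password population to show when the cracked percentage moves and when it does not. The population, the attacker budgets, the cracking model and all function names are assumptions constructed for illustration.

```python
import math

# Constructed population: (password entropy in bits, percent of accounts).
# These figures are illustrative assumptions, not measurements.
POPULATION = [(20, 30), (28, 25), (36, 20), (44, 15), (60, 10)]


def slowdown_factor(lead=2.5, rounds_new=5000, rounds_old=1000,
                    bits_new=512, bits_old=128):
    """The message's estimate; `lead` is its unexplained leading 2.5 term."""
    return lead * (rounds_new / rounds_old) * (bits_new / bits_old)


def entropy_equivalent(factor):
    """Bits of extra password entropy that cost the attacker the same factor."""
    return math.log2(factor)


def percent_cracked(population, budget_bits):
    """Percent of accounts whose password falls inside 2**budget_bits guesses.

    Simplified model (assumption): a password with H bits of entropy is
    recovered once the attacker has been able to make 2**H guesses.
    """
    return sum(pct for bits, pct in population if bits <= budget_bits)


def compare(md5crypt_budget_bits, population=POPULATION):
    """Same attacker effort against md5crypt and against sha512crypt.

    The slower hash shrinks the guess budget by log2(50) bits.
    """
    penalty = entropy_equivalent(slowdown_factor())
    return (percent_cracked(population, md5crypt_budget_bits),
            percent_cracked(population, md5crypt_budget_bits - penalty))


if __name__ == "__main__":
    print(f"slowdown {slowdown_factor():.0f}x = "
          f"{entropy_equivalent(slowdown_factor()):.2f} bits")
    for budget in (40, 42):  # constructed attacker budgets, in bits of guesses
        md5c, sha512c = compare(budget)
        print(f"budget 2^{budget}: md5crypt {md5c}%  sha512crypt {sha512c}%")
```

With these constructed figures, a 2^40 guess budget drops from 75% to 55% cracked, while a 2^42 budget stays at 75% because no bucket of the population lies inside the 5.64-bit gap.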