* William A. Rowe, Jr. wrote:
> André Malo wrote:
> > Ew. Don't confuse MD5 crypt with MD5 hashes. For password usage MD5
> > crypt is *much* better than simple SHA1 hashes.
>
> I'm not; I'm saying they are the same number of bits, so likely equally
> decomposable?
No, MD5 crypt does a bit more than simple hashing. The main point is that it
adds a 48 bit salt (which is random in the best case) plus a magic. That
solves issues like:

* people with the same password would have the same hash
* reverse lookup tables. The salt makes them much (much) bigger and
  completely impractical.

Additionally MD5 crypt does about 1000 MD5 computations (IIRC) of different
subsets of the magic/salt/password string.

So, actually I'm not saying that MD5 crypt is better than SHA1 hashing; I'm
saying it's better than any simple hash. If we had a similar SHA1 crypt
algorithm, it might be stronger than the MD5 crypt we have there, but we
don't.

> But my first argument remains; if we break the expected
> behavior, we instantly render all previous generated hashes
> irreconcilable.

yes.

> So it really seems like an apr-1.3 change, if that, and httpd-2.4/3.0 if
> that was what the poster was getting at.

Seems reasonable to me. We could add some kind of compat mode for password
validation, too. But I'm not sure if that weakens the system somehow.

nd
-- 
Try typing the following at the command line (and wait a moment):
net send localhost "Buuuh!"
Well, scared?
-- Markus Becker in mpdsh
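A compact implementation of the scheme nd describes above (magic prefix, up to 8 characters of salt, the extra MD5 of password/salt/password, and the 1000-round slow-down loop), added here as an example; it is not code from APR, httpd or this thread. The `verify` and `new_hash` helpers and the `$apr1$` default are my additions, and the `$1$` check value used in the test is the vector from glibc's crypt test-suite.

```python
import hashlib
import hmac
import os

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _to64(value, count):
    # crypt(3)-style base64: least significant 6 bits come out first
    out = ""
    for _ in range(count):
        out += ITOA64[value & 0x3F]
        value >>= 6
    return out


def md5_crypt(password, salt, magic="$apr1$"):
    """MD5 crypt as in FreeBSD's crypt(3) ("$1$"); APR's variant is "$apr1$"."""
    pw, mb = password.encode(), magic.encode()
    salt = salt.split("$")[0][:8]          # salt stops at '$', at most 8 chars
    sb = salt.encode()
    ctx = hashlib.md5(pw + mb + sb)
    alt = hashlib.md5(pw + sb + pw).digest()
    for n in range(len(pw), 0, -16):       # as many bytes of alt as pw is long
        ctx.update(alt[:min(n, 16)])
    n = len(pw)
    while n:                               # bit-by-bit mixing of len(pw)
        ctx.update(b"\0" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):                  # the deliberate slow-down loop
        c = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            c.update(sb)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    f, groups = final, [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    enc = "".join(_to64((f[a] << 16) | (f[b] << 8) | f[c], 4) for a, b, c in groups)
    return magic + salt + "$" + enc + _to64(f[11], 2)


def verify(password, stored):
    """Recompute with the salt and magic embedded in the stored hash."""
    _, tag, salt, _ = stored.split("$", 3)
    return hmac.compare_digest(md5_crypt(password, salt, "$" + tag + "$"), stored)


def new_hash(password):
    # fresh random 48-bit salt (8 x 6 bits), as described in the post
    salt = "".join(ITOA64[b & 0x3F] for b in os.urandom(8))
    return md5_crypt(password, salt)
```

Because the salt is stored in the hash string, verification stays deterministic while two users with the same password get different hashes, which is the whole point nd makes above.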
