On Wednesday 20 June 2012, Reindl Harald wrote:
> there is a reason why even the developer of md5crypt
> saw the need for an official statement that md5crypt
> should never again be considered as secure in any case!
> http://phk.freebsd.dk/sagas/md5crypt_eol.html

Follow the link in his statement:

http://2012.sharcs.org/slides/sprengers.pdf

They can try around 1 million md5crypt operations per second (md5crypt is basically the same as APR-MD5). For plain md5 (one round) there are programs that do more than 200 million operations per second. That's a rather big difference. And plain sha1 or even sha512 is much closer to plain md5 than to md5crypt.

I agree that we should use something more secure, really soon. But there is no reason to panic, yet.

Cheers,
Stefan
