On 21.06.2012 00:14, Stefan Fritsch wrote:
> On Wednesday 20 June 2012, Reindl Harald wrote:
>> there is a reason why even the developer of md5crypt
>> saw the need for an official statement that md5crypt
>> should never again be considered as secure in any case!
>
>
>> http://phk.freebsd.dk/sagas/md5crypt_eol.html
>
> Follow the link in his statement:
>
> http://2012.sharcs.org/slides/sprengers.pdf
>
> They can try around 1 million md5crypt operations per second (md5crypt
> is basically the same as APR-MD5). For plain md5 (one round) there are
> programs that do more than 200 million operations per second. That's a
> rather big difference. And plain sha1 or even sha512 is much closer to
> plain md5 than to md5crypt.
>
> I agree that we should use something more secure, really soon. But
> there is no reason to panic, yet.

here we agree, no reason for panic now

i only needed to point out that weakhash(weakhash(weakhash()))
does not result in stronghash() no matter how often you wrap
