"I like to change the default algorithm used when encrypting a user's
password to the blowfish algorithm, as it provides the highest security at the greatest speed.
Is this an accurate statement? My current passwd_format is set to md5 and I thought md5 was like "Da Bomb"(Ok white guy trying to be funny here).
Well, I'm no expert, but I stumbled across something interesting the other day after installing /usr/ports/security/john. It's a password cracker with a benchmarking component:
procyon# john --test Benchmarking: Traditional DES [64/64 BS MMX]... DONE Many salts: 301915 c/s real, 302860 c/s virtual Only one salt: 258079 c/s real, 258483 c/s virtual
Benchmarking: BSDI DES (x725) [64/64 BS MMX]... DONE Many salts: 10083 c/s real, 10099 c/s virtual Only one salt: 9830 c/s real, 9923 c/s virtual
Benchmarking: FreeBSD MD5 [32/32]... DONE Raw: 2375 c/s real, 2382 c/s virtual
Benchmarking: OpenBSD Blowfish (x32) [32/32]... DONE Raw: 139 c/s real, 140 c/s virtual
Benchmarking: Kerberos AFS DES [48/64 4K MMX]... DONE Short: 59810 c/s real, 59997 c/s virtual Long: 200442 c/s real, 201069 c/s virtual
Benchmarking: NT LM DES [64/64 BS MMX]... DONE Raw: 1849998 c/s real, 1852889 c/s virtual
Obviously, the security of an encryption algorithm is a many-splendoured thing, etc., but the above results seem to indicate that brute-forcing Blowfish is many times more computationally intensive (i.e. 'harder') than brute-forcing MD5. That's if I'm reading it right; I'm assuming c/s = "combinations per second". There's no man page and the internet frightens and confuses me.
I really doubt Blowfish is =faster= than MD5 when encrypting.
-- Danny MacMillan _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"