[Fedora-directory-users] MD5 for password hashes
Richard Megginson
rmeggins at redhat.com
Wed Nov 16 18:32:23 UTC 2005
Mike Jackson wrote:
> Richard Megginson wrote:
>
>> Del wrote:
>>
>>> Rich Megginson wrote:
>>>
>>>> We hope to have another binary release by the end of the week.
>>>> We've just got a couple of bug fixes to go.
>>>
>>>
>>>
>>>
>>> Hi Rich,
>>>
>>> <prod>!
>>>
>>> http://directory.fedora.redhat.com/wiki/Download has pointers to new
>>> releases (Fedora Directory Server 1.0) but the links all give me 404's.
>>>
>>> So are we getting closer to that binary release?
>>
>>
>>
>> Closer . . .
>
>
> You do realize that MD5 has been _fully_ broken now, don't you? And
> I'm not talking about dictionary attacks; I'm talking about a fast
> mathematical attack vector on the algorithm itself.
>
>
> An interesting demonstration here:
>
> http://www.doxpara.com/?q=node&from=10
>
>
> Collision generators here:
>
> http://www.stachliu.com/collisions.html
>
> The new and improved collision generator:
>
> http://www.stachliu.com/md5coll.c
>
> "Old (Wang, et al.) average run time on IBM P690 supercomputer - 1 hour"
> - out of reach for most people
>
> "New average run time on P4 1.6ghz PC - 45 minutes"
> - within reach for nearly everyone
>
>
> Now, storing md5 doesn't seem much safer than storing crypt.
That's why cert based auth is the best way to go. But in the meantime,
the next release of FDS will support SHA-256, SHA-384, and SHA-512
password hashing.
>
> --
> mike
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3312 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20051116/188f838a/attachment.bin>
More information about the Fedora-directory-users
mailing list