Subject: Re: crypt(3)
To: None <perry@imsi.com>
From: Christopher Klaus <cklaus@iss.net>
List: current-users
Date: 11/15/1994 11:10:35
> 
> 
> Tim Newsham says:
> > > If this _is_ because of export restrictions, would anyone be interested
> > > in a one-way function for passwords that I built on top of md5?  Since
> > > it has nothing to do with any encryption method, it should be fully
> > > exportable from everywhere.
> > 
> > Do it.  Exportability would not be the only plus with using md5.
> 
> Replacing crypt(3) with MD5, if done properly (i.e., a salt was still
> there, arbitrary length passwords were now permitted) would be a great
> boon for everyone, not just those overseas.
> 

Talking to newsham on IRC on the #netbsd channel, I pointed out that md5 is a
lot faster to compute than DES, so pw cracking would be easier. newsham
pointed out that you can take the nth of the md5 string. So it might be a good
idea to include with the salt a variable for taking the md5 to the nth,
so that cracking with big dictionaries isn't dramatically sped up.

chris

-- 
Christopher William Klaus	Voice: (404)518-0099. Fax: (404)518-0030
Internet Security Systems, Inc.		Computer Security Consulting
2209 Summit Place Drive, Atlanta, GA. 30350-2450.
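
The idea in this message, an iteration count stored next to the salt so that every guess costs n MD5 computations, sketched as an added example (not code from the thread, not Newsham's function, not NetBSD's crypt). The `$x$rounds$salt$digest` layout, the function names and the round limit are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PREFIX = "x"            # hypothetical scheme tag, not a real crypt(3) identifier
MAX_ROUNDS = 1_000_000  # assumed cap so a corrupt entry cannot stall a login

def stretch(password: bytes, salt: bytes, rounds: int) -> bytes:
    """Apply MD5 `rounds` times, re-mixing salt and password on every round."""
    if not 1 <= rounds <= MAX_ROUNDS:
        raise ValueError("rounds out of range")
    digest = hashlib.md5(salt + password).digest()
    for _ in range(rounds - 1):
        digest = hashlib.md5(digest + salt + password).digest()
    return digest

def make_entry(password: str, rounds: int, salt=None) -> str:
    """Return '$x$<rounds>$<salt hex>$<digest hex>'; the count travels with the salt."""
    salt = os.urandom(8) if salt is None else salt
    digest = stretch(password.encode(), salt, rounds)
    return f"${PREFIX}${rounds}${salt.hex()}${digest.hex()}"

def parse_entry(entry: str):
    """Split a stored entry into (rounds, salt, digest); ValueError if malformed."""
    empty, prefix, rounds, salt_hex, digest_hex = entry.split("$")
    if empty or prefix != PREFIX:
        raise ValueError("unknown format")
    return int(rounds), bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)

def verify(password: str, entry: str) -> bool:
    """Recompute with the entry's own salt and round count; constant-time compare."""
    try:
        rounds, salt, expected = parse_entry(entry)
        actual = stretch(password.encode(), salt, rounds)
    except ValueError:
        return False
    return hmac.compare_digest(actual, expected)

def needs_rehash(entry: str, current_rounds: int) -> bool:
    """True when an entry was made with fewer rounds than the current policy."""
    return parse_entry(entry)[0] < current_rounds

if __name__ == "__main__":
    entry = make_entry("correct horse", rounds=5000)  # constructed sample password
    print(entry)
    print(verify("correct horse", entry), verify("wrong guess", entry))
    print(needs_rehash(entry, 20000))
```

Because the count is read back from each entry, raising the default later leaves existing hashes verifiable, and `needs_rehash` marks them for upgrade at the next successful login.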