Subject: Re: crypt(3)
To: Christopher Klaus <cklaus@iss.net>
From: Perry E. Metzger <perry@imsi.com>
List: current-users
Date: 11/15/1994 12:27:28

Christopher Klaus says:
> Talking to newsham on IRC on the #netbsd channel, I pointed out that md5 is a
> lot faster to compute than des, so pw cracking would be easier. newsham
> pointed out that you can take nth of the md5 string. so, it might be a good
> idea to include with the salt, a variable for taking the md5 to the nth
> so that cracking with big dictionaries aren't dramatically speeded up.

I think increasing the size of the salt to, say, 16 bits or even more,
would also be effective at discouraging dictionary attacks. Also, with
arbitrary-length passwords, dictionary attacks become much less
practical provided people start to use longer passphrases.

.pm
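
The two ideas in this thread (an iteration count stored alongside the salt, and a wider salt), as an added example that is not part of the original messages or of any crypt(3) implementation. The `$md5n$` field layout, the function names and the sample numbers are assumptions made up for illustration.

```python
import hashlib
import hmac
import os

def stretch(password, salt, rounds):
    """Apply MD5 `rounds` times, feeding salt and password back in each round."""
    if rounds < 1:
        raise ValueError("rounds must be >= 1")
    digest = hashlib.md5(salt + password).digest()
    for _ in range(rounds - 1):
        digest = hashlib.md5(digest + salt + password).digest()
    return digest

def make_entry(password, rounds=1000, salt=None, salt_bytes=2):
    """Build a password-file field; '$md5n$' is a made-up scheme tag."""
    if salt is None:
        salt = os.urandom(salt_bytes)  # 2 bytes = the 16-bit salt from the thread
    digest = stretch(password.encode(), salt, rounds)
    return "$md5n${}${}${}".format(rounds, salt.hex(), digest.hex())

def check_entry(password, entry):
    """Recompute with the rounds and salt stored in the entry, compare in constant time."""
    _, scheme, rounds, salt_hex, digest_hex = entry.split("$")
    if scheme != "md5n":
        return False
    digest = stretch(password.encode(), bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(digest.hex(), digest_hex)

def dictionary_cost(words, rounds, accounts, salt_bits):
    """Upper bound on MD5 calls to try every word against every account.
    Accounts that share a salt are tested with one computation."""
    distinct_salts = min(accounts, 2 ** salt_bits)
    return words * rounds * distinct_salts

if __name__ == "__main__":
    entry = make_entry("correct horse battery staple", rounds=5000)
    print(entry, check_entry("correct horse battery staple", entry))
    # Constructed numbers: 100,000-word dictionary, 10,000 accounts.
    print(dictionary_cost(100_000, 1, 10_000, 12))     # single MD5, 12-bit salt
    print(dictionary_cost(100_000, 5000, 10_000, 16))  # 5000 rounds, 16-bit salt
```

Because the round count travels in the entry itself, it can be raised for new passwords without invalidating entries written with a lower count.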