Subject: Re: crypt(3)
To: David Maxwell <email@example.com>
From: Perry E. Metzger <firstname.lastname@example.org>
Date: 11/16/1994 10:03:43
David Maxwell says:
> > I would much prefer using MD5 for passwords. I'm not so certain the method
> > posted here earlier is the best, but I believe MD5 to be much more secure
> > than the standard old DES.
> I'm not a cryptographer, but someone here said MD5 runs faster than DES, and
> it would require loops the way DES does.
The issue isn't the absolute speed of the algorithm -- its the maximum
length of passwords and the length of salt. crypt(3) permits maximum
passwords lengths of eight characters. This is a very small number,
especially since in practice the characters are constrained to be one
of about 96 possibilities each instead of 256. MD5 was designed to be
a one way hash, unlike DES, and thus MD5 based systems permit
arbitrary length passwords and (in theory) arbitrary salts. If it is
desired to slow MD5 (or, even better, SHA) down its easy enough to so
simply by increasing the number of rounds -- no real reason not to
increase the number by a factor of 512 or more if people want. This
could be made tunable as well. Once you've gone to changes like these
there is no point in using DES; one might as well go to MD5 or SHA.