Re: Which password cipher ?
On Nov 30, 2010, at 4:58:17 PM, Joel Carnat wrote:
> I'm installing a new domU and just realized I always choose the DES cipher for
> storing local passwords as it is supposed to be the most compatible. I
> personally don't use NIS (anymore) and passwords I share are stored in LDAP
> using SSHA1.
> Is it still safe to store local passwords in DES or should something else be
> used if possible?
> If so, what's the best option: Blowfish, SHA1?
> I read SHA1 has issues and SHA2 based cipher should be preferred.
> It also seems that OpenBSD uses Blowfish.
The weaknesses in SHA1 are completely irrelevant here.
The big problem with the traditional DES method is that passwords are limited
to 8 characters. The SHA-1 method -- which is really the HMAC-SHA1 method -- does
not have any arbitrary limit; this is the one I recommend.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
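
Added example, not part of the original message: the 8-character limit comes from how traditional DES crypt(3) builds its 56-bit key, shown here next to an iterated HMAC-SHA1 that keys on the whole password. The HMAC function is a simplified illustration, not NetBSD's exact on-disk format; the function names, salt and sample passwords are constructed for this example.

```python
import hashlib
import hmac


def des_crypt_key(password: str) -> bytes:
    """Key setup used by traditional DES crypt(3).

    Only the first 8 bytes of the password are read, and only the low
    7 bits of each byte are kept (8 x 7 = 56 key bits). Everything after
    byte 8 never reaches the cipher.
    """
    raw = password.encode("utf-8")[:8].ljust(8, b"\0")
    return bytes((b & 0x7F) << 1 for b in raw)


def iterated_hmac_sha1(password: str, salt: bytes, rounds: int = 1000) -> str:
    """Simplified iterated HMAC-SHA1 (assumption: illustrative only).

    The full password is the HMAC key, so every character influences
    the result regardless of length.
    """
    key = password.encode("utf-8")
    digest = hmac.new(key, salt, hashlib.sha1).digest()
    for _ in range(rounds - 1):
        digest = hmac.new(key, digest, hashlib.sha1).digest()
    return digest.hex()


def same_des_key(a: str, b: str) -> bool:
    """True when both passwords give DES crypt the same key material."""
    return des_crypt_key(a) == des_crypt_key(b)


if __name__ == "__main__":
    # Constructed sample passwords sharing the same first 8 characters.
    short, long_ = "correcth", "correcthorsebatterystaple"
    salt = b"constructed-salt"

    print("DES key (short):", des_crypt_key(short).hex())
    print("DES key (long): ", des_crypt_key(long_).hex())
    print("same DES key:   ", same_des_key(short, long_))
    print("HMAC-SHA1 short:", iterated_hmac_sha1(short, salt))
    print("HMAC-SHA1 long: ", iterated_hmac_sha1(long_, salt))
```

With the same salt, any two passwords that agree in their first 8 characters therefore yield the same DES crypt hash, while the HMAC-SHA1 results differ.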