Current-Users archive


Re: Which password cipher ?



On Nov 30, 2010, at 4:58 17PM, Joel Carnat wrote:

> Hi,
> 
> I'm installing a new domU and just realized I always choose the DES cipher for 
> storing local passwords as it is supposed to be the most compatible. I 
> personally don't use NIS (anymore) and passwords I share are stored in LDAP 
> using SSHA1.
> 
> Is it still safe to store local passwords in DES or should something else be 
> used if possible?
> If so, what's the best option: Blowfish, SHA1?
> 
> I read SHA1 has issues and SHA2 based cipher should be preferred.
> It also seems that OpenBSD uses Blowfish.

The weaknesses in SHA1 are completely irrelevant here.

The big problem with the traditional DES method is that passwords are limited 
to 8 characters.  The SHA-1 method -- which is really the HMAC-SHA1 method -- 
does not have any arbitrary limit; this is the one I recommend.


                --Steve Bellovin, http://www.cs.columbia.edu/~smb
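
An added example, not part of the original message: a small audit that reads master.passwd-style lines and reports which accounts still carry a traditional DES hash, the method limited to 8 characters as described in the reply above. The sample lines and hash strings are constructed (right shape, not real hashes), and the scheme patterns are assumptions based on the usual crypt(3) string formats.

```python
import re

# Shapes of crypt(3) password strings on BSD-style systems (assumed formats).
SCHEMES = [
    ("sha1", re.compile(r"\$sha1\$\d+\$[./0-9A-Za-z]+\$[./0-9A-Za-z]+")),
    ("blowfish", re.compile(r"\$2[abxy]?\$\d\d\$[./0-9A-Za-z]{53}")),
    ("md5", re.compile(r"\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}")),
    ("des-extended", re.compile(r"_[./0-9A-Za-z]{19}")),
    ("des", re.compile(r"[./0-9A-Za-z]{13}")),
]

def classify(pw_field):
    """Name the scheme that produced a password field, judged by shape only."""
    if pw_field == "":
        return "empty"
    if pw_field.startswith("*"):
        return "locked"
    for name, pattern in SCHEMES:
        if pattern.fullmatch(pw_field):
            return name
    return "unknown"

def audit(lines):
    """Return {user: scheme} for master.passwd-style lines (name:password:...)."""
    result = {}
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        result[fields[0]] = classify(fields[1])
    return result

def des_limited(lines):
    """Users whose hash is traditional DES, the method with the 8-character limit."""
    return sorted(u for u, s in audit(lines).items() if s == "des")

# Constructed sample: hash strings have the right shape but are not real hashes.
SAMPLE = [
    "root:$sha1$24680$" + "S" * 8 + "$" + "h" * 28 + ":0:0::0:0:Charlie &:/root:/bin/sh",
    "alice:abcdefghijk.Z:1000:100::0:0:Alice:/home/alice:/bin/ksh",
    "backup:_J9..salt" + "x" * 11 + ":1001:100::0:0:Backup:/home/backup:/bin/sh",
    "www:$2a$06$" + "B" * 53 + ":1002:100::0:0:Web:/var/www:/bin/sh",
    "daemon:*:1:1::0:0:Daemon:/:/sbin/nologin",
]

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE).items():
        print(f"{user:8} {scheme}")
    print("DES (8-character limit):", ", ".join(des_limited(SAMPLE)))
```

Accounts reported as `des` need a password change after the local cipher is switched, since an existing hash is only replaced when the password is set again.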






