[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Which password cipher ?
On Wed, Dec 01, 2010 at 10:47:43AM -0500, Steven Bellovin wrote:
> On Dec 1, 2010, at 10:41 58AM, Thor Lancelot Simon wrote:
> > On Wed, Dec 01, 2010 at 01:33:38PM +0000, Andrew Doran wrote:
> >> Outside the NetBSD bubble most newly installed systems use MD5.
> > If that is actually the case, then it is not possible to certify such
> > systems under most of the interesting/commercially valuable security
> > standards.
> THat isn't clear to me -- the weakness under collision of MD5 is completely
> irrelevant here.
I'm aware of that, but anything that allows only Approved hash functions
will still exclude it. I didn't say it _should_ be that way...
...and yes, I've repeatedly had to rework code in real products for this
Main Index |
Thread Index |