Re: Which password cipher ?

To: "current-users%netbsd.org@localhost" <current-users%NetBSD.org@localhost>
Subject: Re: Which password cipher ?
From: Cem Kayali <cemkayali%eticaret.com.tr@localhost>
Date: Thu, 02 Dec 2010 01:09:19 +0200

 On 12/02/10 01:02, Joerg Sonnenberger wrote:


Not exactly true for DES -- it is still way too cheap to crack. One
useful paper on the topic is
http://www.bsdcan.org/2009/schedule/attachments/87_scrypt.pdf

It discusses some of the possible attack vectors. IMO we should make the
Blowfish or SHA1 based cypher the default and not ask. The only case
where the cipher really matters (other than security against cracking)
is interoperability with !NetBSD systems. In that case it only matters
if you want to copy the encrypted password from master.passwd. I believe
you already know how to change the cipher algorithm if you want to do
something like that...

Joerg

"The password-hashing method used in OpenBSD uses an algorithm derivedfrom Blowfish that makes use of the slow key schedule; the idea is thatthe extra computational effort required gives protection againstdictionary attacks."

Wikipedia states why OpenBSD prefers Blowfish based one instead of otherones.


Regards,
Cem

Follow-Ups:
- Re: Which password cipher ?
  - From: Matthew Mondor

References:
- Which password cipher ?
  - From: Joel Carnat
- Re: Which password cipher ?
  - From: Steven Bellovin
- Re: Which password cipher ?
  - From: Joerg Sonnenberger

Prev by Date: Re: Which password cipher ?
Next by Date: Re: Which password cipher ?
Previous by Thread: Re: Which password cipher ?
Next by Thread: Re: Which password cipher ?
Indexes:

Home | Main Index | Thread Index | Old Index