apr-dev mailing list archives

From André Malo ...@perlig.de>
Subject Re: PATCH: md5 hash files not portable between EBCDIC and ASCII
Date Fri, 07 Sep 2007 07:33:44 GMT
* William A. Rowe, Jr. wrote:

> André Malo wrote:
> > Ew. Don't confuse MD5 crypt with MD5 hashes. For password usage MD5
> > crypt is *much* better than simple SHA1 hashes.
>
> I'm not; I'm saying they are the same number of bits, so likely equally
> decomposable? 

No, MD5 crypt does a bit more than simple hashing. The main point is that it 
adds a 48 bit salt (which is random in the best case) plus a magic. That 
solves issues like:

* people with the same password would have the same hash
* reverse lookup tables. The salt makes them much (much) bigger and 
  completely impractical.

Additionally MD5 crypt does about 1000 MD5 computations (IIRC) of different 
subsets of the magic/salt/password string.

So, actually I'm not saying that MD5 crypt is better than SHA1 hashing; I'm 
saying it's better than any simple hash. If we had a similar SHA1 crypt 
algorithm, it might be stronger than the MD5 crypt we have there, but we 
don't.

> But my first argument remains; if we break the expected 
> behavior, we instantly render all previous generated hashes
> irreconcilable.

yes.

> So it really seems like an apr-1.3 change, if that, and httpd-2.4/3.0 if
> that was what the poster was getting at.

Seems reasonable to me.
We could add some kind of compat mode for password validation, too. But I'm 
not sure if that weakens the system somehow.

nd
-- 
Type the following into the command line (and wait a moment):

net send localhost "Buuuh!"
Well, scared?                                -- Markus Becker in mpdsh
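
The salting and iteration described in the message above, as an added example that is not part of the original post or of APR's source: a Python rendering of the `$apr1$` MD5 crypt scheme next to an unsalted `{SHA}` hash. The function names are chosen here for illustration, and the sample password is constructed.

```python
import base64, hashlib, hmac, os

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = b"$apr1$"  # the "magic" mixed into the hash; classic crypt(3) MD5 uses "$1$"

def _to64(v, n):
    """Encode the low 6*n bits of v, least significant group first."""
    out = ""
    for _ in range(n):
        out, v = out + ITOA64[v & 0x3F], v >> 6
    return out

def apr1_crypt(password: bytes, salt: bytes) -> str:
    salt = salt[:8]  # 8 characters of 6 bits each: the 48-bit salt
    ctx = hashlib.md5(password + MAGIC + salt)
    final = hashlib.md5(password + salt + password).digest()
    for pl in range(len(password), 0, -16):
        ctx.update(final[:min(16, pl)])
    i = len(password)
    while i:  # mixes a NUL byte or the first password byte per length bit
        ctx.update(b"\0" if i & 1 else password[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(1000):  # the repeated MD5 rounds over varying subsets
        c = hashlib.md5(password if i & 1 else final)
        if i % 3:
            c.update(salt)
        if i % 7:
            c.update(password)
        c.update(final if i & 1 else password)
        final = c.digest()
    order = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    enc = "".join(_to64(final[a] << 16 | final[b] << 8 | final[d], 4) for a, b, d in order)
    return f"$apr1${salt.decode()}${enc}{_to64(final[11], 2)}"

def new_salt() -> bytes:
    return "".join(ITOA64[b & 0x3F] for b in os.urandom(8)).encode()

def sha1_plain(password: bytes) -> str:  # unsalted, single-pass hash
    return "{SHA}" + base64.b64encode(hashlib.sha1(password).digest()).decode()

def verify(password: bytes, stored: str) -> bool:
    salt = stored.split("$")[2].encode()  # salt is stored in the clear
    return hmac.compare_digest(apr1_crypt(password, salt), stored)

if __name__ == "__main__":
    pw = b"hunter2"  # constructed sample password shared by two users
    print(sha1_plain(pw), sha1_plain(pw))  # identical entries
    print(apr1_crypt(pw, new_salt()), apr1_crypt(pw, new_salt()))  # distinct
```

Both `$apr1$` entries verify against the same password even though the stored strings differ, which is what defeats a precomputed reverse lookup table.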
