[NBLUG/talk] Do/Don't enable md5 passwords

Rob Orsini orsini at sonic.net
Thu Dec 4 11:28:00 PST 2003


At 11:16 AM 12/4/2003 -0800, you wrote:
>Rob Orsini said:
> > Yo,
> >
> > I was reading through this guys "Perfect Debian" setup HOWTO here:
> >
> > http://www.projektfarm.com/en/support/debian_setup/index.html
> >
> > where he runs through all the install steps... bla bla bla.  My question
> > is this:  Why does he recommend not using MD5 passwords?

<lots more stuff here...>

>1) MD5 is not supported as well as the more standard crypt and some
>services do not support PAM but will instead auth to the passwd/shadow
>files directly.
>2) Some cracks were found in the MD4 and these cracks were believed to
>suggest that there might be possible collisions within an MD5checksum
>space and the existence of collisions in the namespace could make it
>easier to generate an arbitrary checksum. The problem is, there are no
>known attacks like this for MD5. (Well, none that I know about.)

Thanks ME! One more Linux thingy I don't have to be totally confused
about anymore.

Rob 




More information about the talk mailing list