[NBLUG/talk] Do/Don't enable md5 passwords

ME dugan at passwall.com
Thu Dec 4 11:14:01 PST 2003


Rob Orsini said:
> Yo,
>
> I was reading through this guy's "Perfect Debian" setup HOWTO here:
>
> http://www.projektfarm.com/en/support/debian_setup/index.html
>
> where he runs through all the install steps... bla bla bla.  My question
> is this:  Why does he recommend not using MD5 passwords?

1) MD5 is not supported as well as the more standard crypt and some
services do not support PAM but will instead auth to the passwd/shadow
files directly.
2) Some cracks were found in the MD4 and these cracks were believed to
suggest that there might be possible collisions within an MD5 checksum
space and the existence of collisions in the namespace could make it
easier to generate an arbitrary checksum. The problem is, there are no
known attacks like this for MD5. (Well, none that I know about.)

Running contrary to this is the thought that passwords are seldom longer
than 16 characters. Some programs won't even accept longer passwords. The
attacks that I have read about with MD4/MD5 and collisions mostly have to
do with generations of files that are much longer than 16 bytes.

As a result of the questions raised by #2 above (and to some extent #1)
some are suggesting against using md5 sums on passwords.

BTW, there have been rumors for nearly 2 decades that the NSA has managed
to find a way to show crypt hashes are not one-way like we've assumed.
However, I know of no academic discussions in the open to provide support
for such a rumor.

So, you have one rumor that has been around for about 2 decades on the
older crypt and suggestions for weakness in md4 that some say point to
weaknesses in md5 that are about 5 years old (maybe a bit older.)

What to use? Well, first, use shadow passwords. This should make it more
difficult for people to see the hashed values of passwords whether md5 or
the DES-based crypt.  Beyond that, DES-based crypt has been around longer
than md5 and "longer tested" but some will say that because crypt has been
around so much longer, there has been time to optimize attacks against it
(brute force speedup.)

Here is how I see it:
If you are using shadow passwords, and someone manages to get your
password file, they likely have root access anyway. This does not mean
there should be no concern over hashing methods for passwords, but it does
point out that you may still be rooted if they have your password file.

What do I use? I have used both and still do on different systems, but I
do not give out shell accounts to users on my systems.

> Until
> reading this, I always thought that selecting that option during a linux
> install was a default yes but now I wonder if there are other issues
> I'm not considering.
>
> Thanks,
> Rob

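An added example, not part of the original post or of any tool mentioned in the thread: a small audit that reports which of the two schemes compared above (DES-based crypt or MD5 crypt) each account uses, and whether the hash sits in the world-readable passwd file instead of shadow. The sample entries and hash strings are constructed placeholders with the right shape, not real hashes, and the function names are hypothetical.

```python
import re

# crypt(3) encodings of the two schemes discussed in the thread.
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")                   # 2-char salt + 11-char hash
MD5_RE = re.compile(r"\$1\$[^$:]{0,8}\$[./0-9A-Za-z]{22}")  # $1$salt$hash

def classify(field):
    """Name the scheme used by one password field."""
    body = field.lstrip("!")          # a leading '!' marks a locked password
    if MD5_RE.fullmatch(body):
        return "md5-crypt"
    if DES_RE.fullmatch(body):
        return "des-crypt"
    if body in ("", "*"):
        return "no-login" if field else "empty"
    return "other"

def audit(passwd_text, shadow_text):
    """Return (user, scheme, exposed) for every passwd entry."""
    shadow = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2:
            shadow[parts[0]] = parts[1]
    report = []
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2:
            continue
        user, field = parts[0], parts[1]
        in_passwd = field != "x"      # 'x' means the hash lives in shadow
        if not in_passwd:
            # Assumption: a missing shadow entry is treated as no-login.
            field = shadow.get(user, "*")
        scheme = classify(field)
        # Exposed: anything other than a no-login marker readable by all users.
        report.append((user, scheme, in_passwd and scheme != "no-login"))
    return report

# Constructed sample data (placeholder strings, valid shape only).
MD5_SAMPLE = "$1$CONSTRUC$" + "A" * 22
DES_SAMPLE = "ab" + "B" * 11
PASSWD = ("root:x:0:0::/root:/bin/sh\nalice:x:1000:1000::/home/alice:/bin/sh\n"
          "bob:" + DES_SAMPLE + ":1001:1001::/home/bob:/bin/sh\n"
          "daemon:*:1:1::/usr/sbin:/bin/sh\n")
SHADOW = ("root:" + MD5_SAMPLE + ":12390:0:99999:7:::\n"
          "alice:!" + DES_SAMPLE + ":12390:0:99999:7:::\n")

if __name__ == "__main__":
    for user, scheme, exposed in audit(PASSWD, SHADOW):
        print(f"{user:8} {scheme:10} {'EXPOSED in passwd' if exposed else ''}")
```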