Bug #1681

MD5 password hash

Added by robin.carey1 over 4 years ago. Updated over 3 years ago.

Status: Closed
Priority: Low
Assignee: -
Category: -
Target version: -
Start date: -
Due date: -
% Done: 0%

Description

In the DFLY Handbook, it states that DragonFly uses MD5 for creating
password entries/hashes (/etc/passwd).

I would like to point out that MD5 is old and considered broken.

Therefore, I suggest upgrading DragonFly to use either SHA-1, or SHA-2. Out
of the two options I would recommend SHA-2, since problems have been
identified in SHA-1.

It does say in Wikipedia, that Unix/Linux vendors are migrating to use SHA-2
for password hashes (256-bit and 512-bit).

PS It says in Wikipedia that MD5 "should be considered cryptographically
broken and unsuitable for further use", and that US government applications
are required to move to SHA-2 by 2010.

unnamed (825 Bytes) robin.carey1, 02/20/2010 05:02 PM

History

#1 Updated by dillon over 4 years ago

:In the DFLY Handbook, it states that DragonFly uses MD5 for creating
:password entries/hashes (/etc/passwd).
:
:I would like to point out that MD5 is old and considered broken.
:
:Therefore, I suggest upgrading DragonFly to use either SHA-1, or SHA-2. Out
:of the two options I would recommend SHA-2, since problems have been
:identified in SHA-1.
:
:It does say in Wikipedia, that Unix/Linux vendors are migrating to use SHA-2
:for password hashes (256-bit and 512-bit).
:
:PS It says in Wikipedia that MD5 "should be considered cryptographically
:broken and unsuitable for further use", and that US government applications
:are required to move to SHA-2 by 2010.
:
:--
:Sincerely,
:Robin Carey

Well... if someone wants to add another encryption method that's fine
w/me. Nobody should be using plaintext passwords for remote access
anyway since most attacks don't even bother trying to decrypt any more,
they just run against a dictionary.

-Matt

#2 Updated by robgar almost 4 years ago

Yes, MD5 is considered broken, and it is broken in a practical sense. We need
to do this and change the default. Even though people shouldn't... you know the
rest of the story.

#3 Updated by alexh almost 4 years ago

I've done a bit of research and the changes that are needed are the following:
1) add support for sha2 (256, 384, 512?) to lib/libcrypt.
2) modify the #define PASSWORD_HASH in lib/pam_module/pam_unix/pam_unix.c to the new hash to be used
3) modify the default passwd_format in /etc/login.conf

Overall quite a minor task that I think would be even suitable for google code-in. Any
further comments on this?

Regards,
Alex Hornung
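
An audit helper added here as an example (not DragonFly's code and not part of this report): after step 3 switches the default passwd_format, entries already stored in master.passwd keep their old hash until each user next changes their password, so this checks the crypt(3) prefix of every entry and lists the users still on MD5 or DES. The $1$/$5$/$6$/$2b$ prefixes are standard crypt scheme identifiers assumed here rather than quoted from the thread, and the sample file is constructed.

```python
import re
from typing import NamedTuple

# Modular-crypt prefixes used by crypt(3); standard identifiers, not from the
# report: "$1$" is MD5 (to retire), "$5$"/"$6$" SHA-2, "$2a$"/"$2b$" Blowfish.
SCHEMES = {"$1$": "md5", "$2a$": "blowfish", "$2b$": "blowfish",
           "$5$": "sha256", "$6$": "sha512"}
WEAK = {"md5", "des"}  # schemes the audit flags for a rehash

class Entry(NamedTuple):
    user: str
    scheme: str
    weak: bool

def classify_hash(field: str) -> str:
    """Name the crypt(3) scheme of one password field."""
    if field == "" or field.startswith(("*", "!")):
        return "locked"  # no usable hash: account locked or password disabled
    for prefix, name in SCHEMES.items():
        if field.startswith(prefix):
            return name
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return "des"  # traditional 13-character DES crypt
    return "unknown"

def audit_passwd(text: str) -> list[Entry]:
    """Classify every entry of a master.passwd-style file (user:hash:...)."""
    entries = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        scheme = classify_hash(fields[1])
        entries.append(Entry(fields[0], scheme, scheme in WEAK))
    return entries

def needs_rehash(text: str) -> list[str]:
    """Users whose stored hash still uses a weak scheme and must reset."""
    return [e.user for e in audit_passwd(text) if e.weak]

# Constructed sample file: the hash bodies are placeholders, not real hashes.
SAMPLE = """root:$6$Zz9sALTx$placeholder:0:0::0:0:Charlie &:/root:/bin/sh
alice:$1$Qw3rTy12$placeholder:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$2b$10$placeholder:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:ABCDEFGHIJKLM:1003:1003::0:0:Carol:/home/carol:/bin/sh
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin
"""
```

Run `needs_rehash` over the real master.passwd after the default is changed and the list should shrink to empty as users rotate their passwords.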

#4 Updated by alexh over 3 years ago

For whatever it's worth, I submitted this as a google code-in task[1]. Hopefully
it'll get done by the famous $someone.

Cheers,
Alex

[1]: http://www.google-melange.com/gci/task/show/google/gci2010/dragonflybsd/t129101576849

#5 Updated by sgeorge.ml over 3 years ago

On Sun, Feb 21, 2010 at 6:31 AM, Matthew Dillon
<> wrote:
>
>
>    Well... if someone wants to add another encryption method that's fine
>    w/me.  Nobody should be using plaintext passwords for remote access
>    anyway since most attacks don't even bother trying to decrypt any more,
>    they just run against a dictionary.
>
>

the password-hashing method used in OpenBSD uses an algorithm derived
from Blowfish that makes use of the slow key schedule; the idea is
that the extra computational effort required gives protection against
dictionary attacks.

http://en.wikipedia.org/wiki/Blowfish_%28cipher%29

thanks :-)

--Siju

#6 Updated by alexh over 3 years ago

Committed in 6737f3b945f8531f8d5934dfaad3b4bb4a48b739.
