Home page logo

bugtraq logo Bugtraq mailing list archives

Re: passwd hashing algorithm
From: J.S.Peatfield () damtp cam ac uk (Jon Peatfield)
Date: Sat, 15 Apr 1995 16:42:30 +0100

What about md5?

Too fast, it still allows dictionary attacks rather easily (yes I know that 
users should choose good passwords, but some won't).

md5^500 (500 rounds of md5), or however many takes about 0.5 seconds on a fast 
computer (say a DEC Alpha 3000 model 900), should be enough.

  -- Jon

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]